Detecting network applications using firewall logs (CROSBI ID 720336)
Conference paper in proceedings | original scientific paper | international peer review
Authorship information
Adrian Komadina, Mihael Marović, Stjepan Groš
Language: English
Detecting network applications using firewall logs
Every day, large volumes of firewall logs are generated that contain useful information about the devices and applications in a network. In this paper, we try to detect network applications using only the data found in firewall logs. Such detection could be used for audits, for better visibility into the network, and for creating better firewall policies. Two approaches to network application detection were implemented: one based on classification methods and the other based on distances between samples, using three different metrics. The methods we experimented with were based on ports and IP addresses only. An analysis of ports was done to reduce the number of distinct ports used as classification features. In addition to the implemented methods, a measure of certainty was developed based on the number of distinct ports used for classification. Using partial knowledge of the target environment, the methods were continuously improved; conclusions were drawn from this process and the results are presented. The results of the two approaches were analysed and the approaches compared in terms of the advantages and disadvantages of each, with respect to the information they provide.
network applications ; firewall ; logs ; classification
not recorded
not recorded
not recorded
not recorded
not recorded
not recorded
Paper details
Pages: 1-7
Year: 2022
Status: published
DOI: 10.23919/MIPRO55190.2022.9803394
Parent publication
Proceedings of the International Convention MIPRO
Conference details
MIPRO 2022
Oral presentation
23.05.2022-27.05.2022
Opatija, Croatia