Mining Frequent Patterns in Firewall Logs Using Apriori Algorithm with WEKA

Abstract

With the enormous growth of security incidents in computer networks, the network security defense has gained significant attention from the information industry and network community. Firewalls are the first lines of defense for protecting computer networks and important information. They function as routers to connect different network segments together. Furthermore, they considered as the most important elements in the networks used by organizations to enforce their security policy. The security policies of enterprises and companies are implemented as firewall rules. These firewall rules are sensitive and any misconfiguration of them will cause anomalies. The subject of mining of frequent patterns in itemsets of the dataset is considered as one of the most important aspects in data mining technology. Apriori algorithm is the simplest and most powerful association rule mining (ARM) algorithms which can be efficiently used for mining frequent itemsets in the dataset. In this study, we proposed Apriori algorithm on WEKA to extract frequent itemset in the firewall logs to determine the best association rules that ensure the general orientations in the dataset.