Affiliations: Norwegian Information Security Laboratory, Center for Cyber and Information Security, Norwegian University of Science and Technology, Gjøvik, Norway
Corresponding author: Andrii Shalaginov, Norwegian Information Security Laboratory, Center for Cyber and Information Security, Norwegian University of Science and Technology, Teknologivegen 22, P.O. Box 191, N-2802 Gjøvik, Norway. Tel.: +47 61 13 53 75; E-mail:[email protected]
Abstract: This paper describes research in progress on the application of Neuro-Fuzzy (NF) to support large-scale network traffic dumps analysis in the domain of Network Security. In particular we focus on patterns of benign and malicious activity that can be found in network traffic dumps and can facilitate to firewall rules generation. We propose several improvements to the NF algorithm that results in proper handling of large-scale datasets, significantly reduces number of rules and yields a decreased complexity of the classification model. This includes better automated extraction of rules parameters as well as bootstrap aggregation for generalization. Experimental results show that such optimization gives a smaller number of rules, while the accuracy increases in comparison to existing approaches. In particular, it showed an accuracy of 98% when using only 39 rules.
In our research we contribute to forensics science and network security by bringing more generalized fuzzy rules. An increase in network communication over the last decade cause to appear such amount of data that can be related to Big Data due to its complexity. Application of Soft Computing methods, such that Neuro-Fuzzy may bring not only sufficient classification accuracy of normal and attack traffic, yet also facilitate in understanding traffic properties and developing a decision-support mechanism. In particular, we focus on network firewalls application.