In this section, the overall process of mining log files to
generate policy rules, together with its architecture, is
presented, as shown in Fig. 1.
The process consists of the following five iterative
components in sequence: (1) to analyze and generate an initial
set of firewall policy rules, to collect firewall log raw data, and
to extract the attributes for data mining, (2) to perform data
mining (Association Rule Mining and Mining firewall Log
using Frequency) along with generalization to discover a new set
of updates to the initial firewall policy rules, (3) to identify
decaying rules and dominant rules, and (4) to edit and generate
the updated firewall policy rules, generalized and anomaly-free.
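The following added example (not code from the paper) sketches the frequency-based part of this pipeline on a constructed log: attribute extraction, frequency counting with source generalization, and flagging decaying and dominant rules. The log format, the /24 generalization with a `min_hosts` threshold, the definitions used here (decaying = no hits in the log, dominant = at least `dominant_share` of the log records) and all function names are assumptions; Association Rule Mining is not shown.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample log (not from the paper): proto src dst dport action
LOG = """\
tcp 10.0.1.5 192.168.1.10 80 accept
tcp 10.0.1.6 192.168.1.10 80 accept
tcp 10.0.1.7 192.168.1.10 80 accept
tcp 10.0.2.9 192.168.1.10 22 deny
udp 10.0.3.4 192.168.1.20 53 accept
"""

# Constructed initial policy: (proto, src network, dst, dport, action)
INITIAL_RULES = [
    ("tcp", "10.0.1.0/24", "192.168.1.10", 80, "accept"),
    ("tcp", "10.0.9.0/24", "192.168.1.10", 21, "accept"),
    ("udp", "10.0.3.4/32", "192.168.1.20", 53, "accept"),
]

def parse(log):
    """Extract the mining attributes from each log line."""
    return [(p, s, d, int(dp), a) for p, s, d, dp, a in (l.split() for l in log.splitlines())]

def mine(log, min_hosts=2):
    """Count flow frequency; generalize sources to /24 when enough distinct hosts share it."""
    groups = defaultdict(Counter)
    for proto, src, dst, dport, action in parse(log):
        net = str(ipaddress.ip_network(src + "/24", strict=False))
        groups[(proto, net, dst, dport, action)][src] += 1
    rules = {}
    for (proto, net, dst, dport, action), hosts in groups.items():
        if len(hosts) >= min_hosts:  # several hosts in one subnet: emit one generalized rule
            rules[(proto, net, dst, dport, action)] = sum(hosts.values())
        else:  # a single host: keep the exact source address
            rules.update({(proto, s + "/32", dst, dport, action): n for s, n in hosts.items()})
    return rules

def matches(rule, rec):
    """True when a parsed log record falls under a (proto, src_net, dst, dport, action) rule."""
    return (rec[0], *rec[2:]) == (rule[0], *rule[2:]) and \
        ipaddress.ip_address(rec[1]) in ipaddress.ip_network(rule[1])

def classify(initial, log, dominant_share=0.4):
    """First-match hit counts per initial rule; returns (decaying, dominant) rule lists."""
    records = parse(log)
    hits = Counter(next((r for r in initial if matches(r, rec)), None) for rec in records)
    decaying = [r for r in initial if hits[r] == 0]
    dominant = [r for r in initial if hits[r] / len(records) >= dominant_share]
    return decaying, dominant
```

On the sample data, `mine(LOG)` also yields a deny rule for port 22 that has no counterpart in the initial policy, which is the kind of candidate update step (2) is meant to surface.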
A. Analysis of Firewall