Analysis of firewall policy rules using natural language processing technology

Keywords
Security policy ; gRPC ; Natural language processing (NLP) ; Artificial intelligence ; Iptables ; NLP algorithms ; Embeddings ; Similarity metrics ; Data visualization ; Corporate security improvement ; Network infrastructures ; Data analysis ; NLP ; AI

Abstract
This thesis focuses on comparing the ideal security policy, which is provided by an organization or company in natural language, with the existing security policy, which is retrieved using gRPC technology and analyzed to extract more information. The ideal security policy acts as an optimal security model and is converted into iptables rules for the Linux environment using advanced techniques from Natural Language Processing (NLP), a branch of Artificial Intelligence (AI).
The next phase involves a thorough evaluation of seven different NLP algorithms for generating embeddings. The goal of this evaluation is to select the algorithm that produces the most efficient and accurate iptables rule comparison results for further analysis of security policies. After selecting the most suitable algorithm, the work proceeds by converting the security rules of the two policies, existing and ideal, into corresponding embedding representations.
Next, a metric is applied to the embeddings to calculate the similarity percentage of each rule. This detailed process provides an accurate picture of the similarities and differences in the security rules, allowing for the composition of an overall similarity percentage of the two policies. The results of this comparative analysis are presented visually, which facilitates understanding and allows for a transparent and objective evaluation of the security policies. Through this innovative methodology, the thesis provides a powerful tool for improving corporate security policies, enhancing the security and reliability of network infrastructures.