The firewall is usually the first line of defence in ensuring network security. However, managing manually configured firewall rules has proven to be complex, error-prone and costly for large networks. Even with error-free rules, defects in the firewall implementation or device may leave the network insecure. Evaluating the effectiveness of a policy and the correctness of its implementation requires a thorough analysis of network traffic data. We present a set of algorithms that simplify this analysis. By analysing only the firewall log files, using aggregation and heuristics, we regenerate the effective firewall rules, i.e., what the firewall is really doing. By comparing these with the original rules, we can easily find whether there is any anomaly in the original rules and whether there is any defect in the implementation. Our experiments show that the effective firewall rules can be regenerated with a high degree of accuracy from a small amount of data.
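As an added illustration of the approach the abstract describes (not the paper's own algorithms), the following Python regenerates effective rules from constructed firewall log lines by aggregating observed decisions per port and action, then compares them with a configured first-match policy to surface contradictions (a possible implementation defect) and rules no traffic ever exercised. The log format, the policy table and the covering-network heuristic are assumptions made for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed log lines (src dst dport action); not real data.
LOG = """\
10.0.0.5 192.168.1.10 80 ACCEPT
10.0.0.7 192.168.1.10 80 ACCEPT
10.0.0.9 192.168.1.10 80 ACCEPT
10.0.0.5 192.168.1.10 22 DROP
10.0.0.7 192.168.1.10 22 DROP
172.16.0.3 192.168.1.10 22 ACCEPT
"""
# Configured policy, first match wins: (source net, dport, action); default DROP.
POLICY = [
    ("10.0.0.0/24", 80, "ACCEPT"),
    ("0.0.0.0/0", 22, "DROP"),
    ("10.0.0.0/24", 443, "ACCEPT"),  # never exercised by LOG
]

def parse_log(text):
    return [(ip_address(s), ip_address(d), int(p), a)
            for s, d, p, a in (line.split() for line in text.splitlines())]

def covering_net(addrs):
    """Smallest network containing every address in addrs."""
    net = ip_network(str(next(iter(addrs))))
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

def effective_rules(rows):
    """Regenerate one rule per observed (dport, action) over the covering source net."""
    srcs = defaultdict(set)
    for src, _dst, dport, action in rows:
        srcs[(dport, action)].add(src)
    return sorted((str(covering_net(s)), p, a) for (p, a), s in srcs.items())

def first_match(src, dport):
    """(index, action) of the first POLICY rule matching the packet; default DROP."""
    for i, (net, port, action) in enumerate(POLICY):
        if dport == port and src in ip_network(net):
            return i, action
    return None, "DROP"

def compare(rows):
    """Logged actions that contradict POLICY, and POLICY rules no packet matched."""
    matches = [(first_match(s, p), (str(s), p, a)) for s, _d, p, a in rows]
    contradictions = [e for (_i, act), e in matches if act != e[2]]
    hit = {i for (i, _act), _e in matches}
    return contradictions, [r for i, r in enumerate(POLICY) if i not in hit]
```

On the constructed log, the SSH accept from 172.16.0.3 contradicts the configured DROP and the port 443 rule is never hit, which is the kind of discrepancy the abstract's comparison step is meant to expose.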