An on-line agglomerative clustering method for nonstationary data
Neural Computation
Evaluation and testing of internet firewalls
International Journal of Network Management
Specification-Based Testing of Firewalls
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Firewall Design: Consistency, Completeness, and Compactness
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Packet classification in large ISPs: design and evaluation of decision tree classifiers
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Modeling and Verification of IPSec and VPN Security Policies
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
Dynamic rule-ordering optimization for high-speed firewall filtering
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
V6Gene: A Scalable IPv6 Prefix Generator for Route Lookup Algorithm Benchmark
AINA '06 Proceedings of the 20th International Conference on Advanced Information Networking and Applications - Volume 01
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Efficient packet classification using TCAMs
Computer Networks: The International Journal of Computer and Telecommunications Networking
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
An Automated Framework for Validating Firewall Policy Enforcement
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Design and evaluation of packet classification systems
Design and evaluation of packet classification systems
ClassBench: a packet classification benchmark
IEEE/ACM Transactions on Networking (TON)
An Efficient Clustering Scheme to Exploit Hierarchical Data in Network Traffic Analysis
IEEE Transactions on Knowledge and Data Engineering
Model Checking Firewall Policy Configurations
POLICY '09 Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks
Towards network security policy generation for configuration analysis and testing
Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
| Hi-index | 0.00 |
Security policies are an essential part in the operations of any networking system. Test policies are always needed for conducting research and development. Such policies are required in various phases of research related to many problems as performance optimization, device testing, and configuration analysis. In this paper, we introduce a novel technique that utilizes trace repositories to generate traffic-driven firewall policies. An online clustering mechanism is designed and developed to infer rule criteria and policy structure from the traffic. The approach generates policies relevant to the environment while satisfying structural features specified by testing requirements. Clustering parameters are tuned to fit the need of the testing domain. High level structural features (policy size, distinct rules, rule specificity, etc) are mapped to algorithm input parameters. The technique evaluation shows the flexibility as well as the accuracy of the generated policies compared to actual administrator-defined policies.