Firewall policy anomaly detection and resolution

Authors

  • Darade RV Department of Computer Engineering, SCOE, Sudumbare, Pune
  • Kumbharkar PB Department of Computer Engineering, SCOE, Sudumbare, Pune University of Pune

Keywords:

Anomaly management, Firewall, policy firewall log

Abstract

The security of private networks in businesses and institutions is achieved by firewalls, and the protection a firewall provides is only as good as the quality of the policy configured on it. The lack of systematic analysis mechanisms and tools, together with complex firewall configurations, makes designing and managing firewall policies difficult. With the help of a segmentation rule, an anomaly management framework is designed for accurate detection and effective resolution of anomalies. Using this technique, the network's packet space is divided into a set of disjoint packet-space segments. Every segment is associated with a unique set of firewall rules, which specifies the overlap relation among all the firewall rules that could be conflicting or redundant. A flexible conflict resolution method is provided that offers several resolution strategies based on a risk assessment of the protected network and its policy definition. Firewall logs are maintained, and association rule mining is applied to these logs to find frequent log entries, which are in turn filtered to find malicious packets. The Apriori algorithm is used to find the frequent elements in these logs. In each round, it computes the support for all candidate item-sets. Candidate item-sets with frequency above the minimum support parameter are selected at the end of each round; the frequent item-sets of one round are used in the next round to construct the candidate item-sets. The algorithm halts when no item-sets with the desired frequency are found.
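As an added illustration (not code from the paper), the packet-space segmentation described above in Python over a constructed toy policy: every point of a small packet space is grouped by the exact set of rules that match it, which yields the disjoint segments, and each segment matched by more than one rule is labelled conflicting (the rules' actions disagree) or redundant (the rules agree). The field domains, the rule model and the three sample rules are assumptions of this example.

```python
from itertools import product
from collections import defaultdict

# Assumed toy packet space: tiny field domains so it can be enumerated exhaustively.
FIELDS = {
    "proto": {"tcp", "udp"},
    "src": {"10.0.0.1", "10.0.0.2", "192.168.1.1"},
    "dport": {22, 80, 443},
}

def make_rule(name, action, **conds):
    """A rule is (name, {field: allowed values}, action); an omitted field means 'any'."""
    cond = {f: set(conds.get(f, FIELDS[f])) for f in FIELDS}
    return (name, cond, action)

def matches(rule, packet):
    return all(packet[f] in rule[1][f] for f in FIELDS)

def segment(rules):
    """Split the packet space into disjoint segments: every packet is keyed by the
    exact set of rule names matching it, so two packets share a segment only when
    the same rules apply to both."""
    segments = defaultdict(list)
    for values in product(*(sorted(FIELDS[f], key=str) for f in FIELDS)):
        packet = dict(zip(FIELDS, values))
        matched = frozenset(r[0] for r in rules if matches(r, packet))
        if matched:  # packets no rule covers fall through to the default policy
            segments[matched].append(packet)
    return segments

def classify(rules, segments):
    """Label each overlap segment: 'conflicting' when the matching rules disagree
    on the action, 'redundant' when several rules prescribe the same action."""
    action_of = {r[0]: r[2] for r in rules}
    report = {}
    for names in segments:
        if len(names) > 1:
            actions = {action_of[n] for n in names}
            report[names] = "conflicting" if len(actions) > 1 else "redundant"
    return report

# Constructed sample policy (an assumption of this example, not from the paper)
RULES = [
    make_rule("r1", "allow", proto={"tcp"}, dport={80, 443}),
    make_rule("r2", "deny", src={"192.168.1.1"}),
    make_rule("r3", "allow", proto={"tcp"}, src={"10.0.0.1"}, dport={80}),
]

if __name__ == "__main__":
    segs = segment(RULES)
    for names, kind in classify(RULES, segs).items():
        print(sorted(names), kind, "over", len(segs[names]), "packets")
```

Running it reports r1/r2 as conflicting (tcp from 192.168.1.1 to 80 or 443 is both allowed and denied) and r1/r3 as redundant (r3 is fully covered by r1 with the same action).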


Published

2024-02-26

How to Cite

Darade, R., & Kumbharkar, P. (2024). Firewall policy anomaly detection and resolution. COMPUSOFT: An International Journal of Advanced Computer Technology, 3(06), 879–883. Retrieved from https://ijact.in/index.php/j/article/view/156

Section

Original Research Article
