Detecting and Resolving Firewall Policy Anomalies Using Rule-Based Segmentation
Journal: International Journal of Computer Science and Mobile Computing - IJCSMC (Vol.2, No. 4)
Publication Date: 2013-04-15
Authors : Anbarasan.A; Balasubramani.G; Madhan.C; Naveenkumar.P; N.S.Nithya;
Page : 134-137
Keywords : Segmentation; Correlation; Packet space; conflict; Distributed;
In this paper we present an anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution. We present an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment, associated with a unique set of firewall rules, accurately indicates an overlap relation among those rules. We also introduce a flexible conflict resolution method that enables fine-grained conflict resolution with the help of several effective resolution strategies, with respect to the risk assessment of protected networks and the intention of policy definition.
Last modified: 2013-05-02 15:11:20