Detecting and Resolving Firewall Policy Anomalies Using Rule-Based Segmentation

Journal: International Journal of Computer Science and Mobile Computing - IJCSMC (Vol.2, No. 4)

Publication Date:

Authors : ;

Page : 134-137

Keywords : Segmentation; Correlation; Packet space; conflict; Distributed;

Abstract

In this paper we present an anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution. We present an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment, associated with a unique set of firewall rules, accurately indicates an overlap relation among those rules. We also introduce a flexible conflict resolution method that enables fine-grained conflict resolution with the help of several effective resolution strategies with respect to the risk assessment of protected networks and the intention of policy definition.

Last modified: 2013-05-02 15:11:20