Detecting and Resolving Firewall Policy Anomalies
Post: #1

Detecting and Resolving Firewall Policy Anomalies


To provide an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions
Post: #2
Detecting and Resolving Firewall Policy Anomalies



The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled
us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by
unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private
networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the
quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the
complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent
an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy
anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an
intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall
policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our
approach can discover and resolve anomalies in firewall policies through rigorous experiments.


As one of essential elements in network and information
system security, firewalls have been widely deployed
in defending suspicious traffic and unauthorized access to
Internet-based enterprises. Sitting on the border between a
private network and the public Internet, a firewall examines
all incoming and outgoing packets based on security rules.
To implement a security policy in a firewall, system
administrators define a set of filtering rules that are derived
from the organizational network security requirements.
Firewall policy management is a challenging task due to
the complexity and interdependency of policy rules. This is
further exacerbated by the continuous evolution of network
and system environments. For instance, Al-Shaer and
Hamed [1] reported that their firewall policies contain
anomalies even though several administrators including
nine experts maintained those policies. In addition, Wool [2]
recently inspected firewall policies collected from different
organizations and indicated that all examined firewall
policies have security flaws.


Packet Space Segmentation and Classification

As we discussed in Section 2, existing anomaly detection
methods could not accurately point out the anomaly
portions caused by a set of overlapping rules. In order to
precisely identify policy anomalies and enable a more
effective anomaly resolution, we introduce a rule-based
segmentation technique, which adopts a binary decision
diagram (BDD)-based data structure to represent rules
and perform various set operations, to convert a list of rules
into a set of disjoint network packet spaces. This technique
has been recently introduced to deal with several research
problems such as network traffic measurement [9], firewall
testing [10] and optimization [11].

Grid Representation of Policy Anomaly

To enable an effective anomaly resolution, complete and
accurate anomaly diagnosis information should be represented
in an intuitive way. When a set of rules interacts, one
overlapping relation may be associated with several rules.
Meanwhile, one rule may overlap with multiple other rules
and can be involved in a couple of overlapping relations
(overlapping segments). Different kinds of segments and
associated rules can be viewed in the uniform representation
of anomalies (Fig. 1c). However, it is still difficult for an
administrator to figure out how many segments one rule is
involved in. To address the need of a more precise anomaly
representation, we additionally introduce a grid representation
that is a matrix-based visualization of policy anomalies.


Our policy anomaly management framework is composed of
two core functionalities: conflict detection and resolution, and
redundancy discovery and removal, as depicted in Fig. 3. Both
functionalities are based on the rule-based segmentation
technique. For conflict detection and resolution, conflicting
segments are identified in the first step. Each conflicting
segment associates with a policy conflict and a set of
conflicting rules. Also, the correlation relationships among
conflicting segments are identified and conflict correlation
groups (CG) are derived. Policy conflicts belonging to
different conflict correlation groups can be resolved separately;
thus, the searching space for resolving conflicts is
reduced by the correlation process. The second step
generates an action constraint for each conflicting segment
by examining the characteristics of each conflicting segment.


Our framework is realized as a proof-of-concept prototype
called Firewall Anomaly Management Environment. Fig. 9
shows a high-level architecture of FAME with two levels.
The upper level is the visualization layer, which visualizes
the results of policy anomaly analysis to system administrators.
Two visualization interfaces, policy conflict viewer
and policy redundancy viewer, are designed to manage
policy conflicts and redundancies, respectively. The lower
level of the architecture provides underlying functionalities
addressed in our policy anomaly management
framework and relevant resources including rule information,
strategy repository, network asset information, and
vulnerability information.


There exist a number of algorithms and tools designed to
assist system administrators in managing and analyzing
firewall policies. Lumeta [30] and Fang [31] allow user
queries for the purpose of analysis and management of
firewall policies. Essentially, they introduced lightweight
firewall testing tools but could not provide a comprehensive
examination of policy misconfigurations. Gouda et al. [32]
devised a firewall decision diagram (FDD) to support
consistent, complete, and compact firewall policy generation.
Bellovin et al. [33] introduced a distributed firewall model
that supports centralized policy specification. Several other
approaches presenting policy analysis tools with the goal of
detecting policy anomalies are closely related to our work.
Al-Shaer and Hamed [1] designed a tool called Firewall
Policy Advisor to detect pairwise anomalies in firewall rules.
Yuan et al. [5] presented FIREMAN, a toolkit to check for
misconfigurations in firewall policies through static analysis.
As we discussed previously, our tool, FAME, overcomes the
limitations of those tools by conducting a complete anomaly
detection and providing more accurate anomaly diagnosis
information. In particular, the key distinction of FAME is its
capability to perform an effective conflict resolution, which
has been ruled out in other firewall policy analysis tools.


In this paper, we have proposed a novel anomaly management
framework that facilitates systematic detection and
resolution of firewall policy anomalies. A rule-based
segmentation mechanism and a grid-based representation
technique were introduced to achieve the goal of effective
and efficient anomaly analysis. In addition, we have
described a proof-of-concept implementation of our anomaly
management environment called FAME and demonstrated
that our proposed anomaly analysis methodology is
practical and helpful for system administrators to enable an
assurable network management.
Our future work includes usability studies to evaluate
functionalities and system requirements of our policy
visualization approach with subject matter experts. Also,
we would like to extend our anomaly analysis approach to
handle distributed firewalls. Moreover, we would explore
how our anomaly management framework and visualization
approach can be applied to other types of access
control policies.
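
The segmentation and grid steps described in the post above, as an added example that is not part of the original post or of FAME. It swaps the BDD representation for plain integer intervals over two fields; the rules, ranges, segment labels and function names are constructed for illustration.

```python
from itertools import product

# Constructed sample policy: (name, src range, dst-port range, action).
# Ranges are inclusive integers standing in for addresses and ports.
RULES = [
    ("r1", (10, 20), (80, 80), "deny"),
    ("r2", (10, 30), (80, 80), "allow"),
    ("r3", (25, 40), (80, 443), "allow"),
    ("r4", (50, 60), (22, 22), "deny"),
]

def cuts(rules, axis):
    """Split one field into elementary half-open intervals at every rule boundary."""
    pts = sorted({p for r in rules for p in (r[axis][0], r[axis][1] + 1)})
    return list(zip(pts, pts[1:]))

def segment(rules):
    """Group elementary cells by the exact set of rules matching them (one key = one segment)."""
    segs = {}
    for (s0, s1), (p0, p1) in product(cuts(rules, 1), cuts(rules, 2)):
        hit = frozenset(n for n, (a, b), (c, d), _ in rules
                        if a <= s0 and s1 - 1 <= b and c <= p0 and p1 - 1 <= d)
        if hit:  # cells matched by no rule are not part of any segment
            segs.setdefault(hit, []).append(((s0, s1 - 1), (p0, p1 - 1)))
    return segs

def classify(rules, segs):
    """Label each segment by how many rules share it and whether their actions differ."""
    action = {n: act for n, _, _, act in rules}
    labels = {}
    for hit in segs:
        actions = {action[n] for n in hit}
        if len(hit) == 1:
            labels[hit] = "non-overlapping"
        else:
            labels[hit] = "conflicting" if len(actions) > 1 else "overlapping"
    return labels

def grid(rules, segs):
    """Matrix view: one row per rule, one column per segment, 1 where the rule is involved."""
    cols = sorted(segs, key=sorted)
    return cols, {n: [int(n in hit) for hit in cols] for n, *_ in rules}

if __name__ == "__main__":
    segs = segment(RULES)
    labels = classify(RULES, segs)
    for hit in grid(RULES, segs)[0]:
        print(sorted(hit), labels[hit], segs[hit])
```

Reading a row of the grid answers the question the text raises: the number of 1s in a rule's row is the number of segments that rule is involved in.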
