www.ijmer.com

International Journal of Modern Engineering Research (IJMER)
Vol. 3, Issue. 5, Sep - Oct. 2013 pp-2916-2919
ISSN: 2249-6645

An Effective Policy Anomaly Management Framework for Firewalls
Akula Kranthi Kumar1, Syed Gulam Gouse2
1 M.Tech, Nimra College of Engineering & Technology, Vijayawada, A.P., India.
2 Professor, Dept. of CSE, Nimra College of Engineering & Technology, Vijayawada, A.P., India.

ABSTRACT: Firewalls are devices or programs that control the flow of network traffic between hosts or networks that
employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also
have applicability in various other network environments. At one time, most firewalls were deployed at the network
perimeters. This provided some measure of protection for internal hosts, but it could not recognize all instances and forms of
attacks, and attacks sent from one internal host to another often do not pass through network firewalls. Because of these and
other factors network designers now often include firewall functionality at places other than the network perimeter to
provide an additional layer of network security. Due to the increasing threat of network attacks, firewalls have become
important integrated elements not only in the enterprise networks but also in small-size and home networks. Firewalls have
been the frontier defense for secure networks against attacks and unauthorized traffic by filtering out unnecessary network
traffic coming into or going from the secured network. In this paper, we present an effective policy anomaly management
framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective
anomaly resolutions.

Keywords: Anomalies, FAME, Firewall, Policies.
I. INTRODUCTION
With the global Internet connection, network security has gained significant attention in both the research and
industrial communities. Due to the increasing threat of network attacks, firewalls have become important integrated elements
not only in the enterprise networks but also in small-size and home networks. A firewall is a security guard placed at the
point of entry between a private network and the outside Internet so that all incoming and outgoing traffic has to pass
through it. A packet can be viewed as a tuple with a finite number of fields; examples of these fields are source/destination
IP address, source/destination port number, and protocol type. By examining the values of these fields for each incoming and
outgoing packet, a firewall accepts legal packets and discards illegitimate ones according to its configuration.
A firewall configuration defines which packets are legal and which are illegal. An error in a firewall configuration
means a wrong definition of being legitimate or illegitimate for some packets, which will either allow unauthorized access
from the outside Internet to the private network, or disable some legitimate communication between the private network and
the outside network. How to design a correct firewall configuration is therefore a very important security issue. Firewalls
have been the frontier defense for secure networks against many attacks and unauthorized traffic by filtering out unwanted
network traffic coming into or going from the secured network. The filtering decision is taken according to a set of ordered
filtering rules written based on the predefined security policy requirements. Although deployment of firewall technology is
an important step toward securing the networks, the complexity of managing firewall policy might limit the effectiveness of
firewall security. A firewall policy may include anomalies, where a network packet may match with two or more different
filtering rules.
When the filtering rules are defined, serious attention has to be given to rule relations and interactions in order to
determine the proper rule ordering and to guarantee correct security policy semantics. As the number of filtering rules
increases, the difficulty of writing a new rule or modifying an existing one also increases. In this case, it is very likely
that conflicting rules are introduced, such as one general rule shadowing another specific rule, or correlated rules whose
relative ordering determines different actions for the same packet. In addition, a typical large-scale enterprise network
might involve hundreds of rules written by various administrators at various times. This significantly increases the
potential for anomalies in the firewall policy, jeopardizing the security of the protected network [1]. Therefore, the
effectiveness of firewall security depends on providing policy management techniques and tools that enable network
administrators to analyze and verify the correctness of written firewall legacy rules.

II. RELATED WORK

Effective mechanisms and tools for policy management are crucial to the success of the firewalls. Recently, policy
anomaly detection has received a great deal of attention [2], [3], [4], [5]. Corresponding policy analysis tools, such as
Firewall Policy Advisor [2] and FIREMAN [3], with the goal of detecting the policy anomalies have been introduced.
Firewall Policy Advisor only has the capability of detecting pairwise anomalies in firewall rules. FIREMAN can detect
anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived
from all the preceding rules. However, FIREMAN also has several limitations in detecting anomalies [4]. For each firewall
rule, FIREMAN only examines all the preceding rules but ignores all subsequent rules when performing anomaly analysis.
In addition, each analysis result from FIREMAN can only show that there is a misconfiguration between one rule and its
preceding rules, but cannot accurately indicate all the rules involved in an anomaly.
A first approach to addressing our problem domain is the use of refinement mechanisms. In this way, we can perform a
top-down deployment of the rules by unfolding a global set of security policies into the configurations of several components
and guaranteeing that those deployed configurations are free of anomalies. In [6], for example, the authors present a
refinement method that uses a formal model for the generation of filtering rules by transforming general rules into specific
configuration rules. Indeed, the authors propose the use of roles to better define network capabilities, and the use of an
inheritance mechanism through a hierarchy of entities to automatically generate permissions and prohibitions. A second
refinement approach based on the concept of roles is also presented in [7]. However, although the authors claim that
their work is based on the Role Based Access Control (RBAC) model, their specification of the network entities, roles, and
permission assignments is not rigorous and does not fit any reality. Most of these limitations are solved in the approach
presented in [8], where a global set of rules based on the Organization Based Access Control (OrBAC) model [2] is further
deployed into specific firewall configuration files through a transformation process. Generally, administrators are
reluctant to set up a whole network security policy from scratch, and prefer recycling existing configurations.

III. FIREWALL POLICIES AND ANOMALIES

A firewall policy rule is defined as a set of criteria and an action to perform when a network packet matches the
criteria. The criteria of a rule consist of the elements direction, protocol, source port, source IP, destination IP and destination
port. Therefore a complete rule may be defined by the ordered tuple <direction, protocol, source IP, source port, destination
IP, destination port, action>. Each attribute can be defined as a range of values, which can be represented and analyzed as
sets. The relation between two rules is essentially the relation between the sets of packets they match. Thus the
action field does not come into play when considering the relation between two rules. A firewall policy anomaly is defined
as the existence of two or more firewall filtering rules that may match the same packet. The existence of a rule that can
never match any network packet on the network paths that cross the firewall also causes an anomaly. To date, five types of
anomalies have been identified: Shadowing Anomalies, Correlation Anomalies, Generalization Anomalies, Redundancy
Anomalies, and Irrelevance Anomalies.
Shadowing anomaly: Two rules have a shadowing anomaly when the rule that comes first in the rule set
matches all the packets, so that the second rule, positioned after it in the rule set, never gets a chance to match
any packet.
Correlation anomaly: Two rules have a correlation anomaly if both rules match some common packets,
that is, the first rule matches some packets that are also matched by the second rule.
Generalization anomaly: Of two rules in order, one is said to be a generalization of the other if the first
rule matches all the packets that can also be matched by the second rule but the actions of the two rules
differ.
Redundancy anomaly: Two rules are redundant if both rules match some packets and perform the same
action. Removing one of the redundant rules from the rule set therefore has no effect on the firewall
policy.
Irrelevance anomaly: A rule is irrelevant if, for a given time interval, it does not match any network
packet, either incoming or outgoing. If no packets match the rule, it is irrelevant, i.e., there is no
need to keep it in the rule set.

IV. ANOMALY MANAGEMENT FRAMEWORK

Our proposed policy anomaly management framework is composed of two core functionalities: conflict detection
and resolution, and redundancy discovery and removal, as depicted in Figure 1. Both functionalities are based on the
rule-based segmentation technique. For conflict detection and resolution, conflicting segments are identified in the first
step. Each conflicting segment is associated with a policy conflict and a set of conflicting rules. Also, the correlation
relationships among the conflicting segments are identified and conflict correlation groups (CG) are derived. Policy conflicts
belonging to different conflict correlation groups can be resolved separately; thus, the search space for resolving
conflicts is reduced by the correlation process. The second step generates an action constraint for each conflicting
segment by examining the characteristics of that segment. A strategy-based method is introduced for generating
the action constraints. The third step utilizes a reordering algorithm, which is a combination of a permutation algorithm
and a greedy algorithm, to discover a near-optimal conflict resolution solution for policy conflicts. Regarding redundancy
discovery and removal, the segment correlation groups are first identified. Then, the process of property assignment is
performed on each rule's subspaces.

Figure 1: Policy anomaly management framework
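
The rule-based segmentation step described above, as an added Python example that is not code from the paper or from FAME: it partitions the packet space into disjoint segments, flags the conflicting ones and merges them into conflict correlation groups. The two-field rule format and the sample policy are constructed for illustration.

```python
from collections import defaultdict
from itertools import product
from typing import NamedTuple


class Rule(NamedTuple):
    name: str
    ranges: tuple  # one inclusive (lo, hi) integer range per packet field
    action: str    # "allow" or "deny"


# Constructed sample policy (assumption, not from the paper). Fields are
# (last octet of source address, destination port); list order is rule order.
POLICY = [
    Rule("r1", ((0, 63), (80, 80)), "deny"),
    Rule("r2", ((0, 255), (80, 80)), "allow"),
    Rule("r3", ((32, 127), (20, 443)), "allow"),
    Rule("r4", ((200, 255), (22, 22)), "deny"),
    Rule("r5", ((192, 255), (22, 22)), "allow"),
    Rule("r6", ((0, 255), (8080, 8080)), "allow"),
]


def elementary_intervals(ranges):
    """Cut one field at every rule boundary so no interval straddles a rule edge."""
    cuts = sorted({lo for lo, _ in ranges} | {hi + 1 for _, hi in ranges})
    return [(a, b - 1) for a, b in zip(cuts, cuts[1:])]


def segment(policy):
    """Map each distinct set of matching rules to the disjoint cells it covers.

    All packets inside one segment match exactly the same rules, so the
    segments are pairwise disjoint subspaces of the packet space.
    """
    ndim = len(policy[0].ranges)
    axes = [elementary_intervals([r.ranges[d] for r in policy]) for d in range(ndim)]
    segments = defaultdict(list)
    for cell in product(*axes):
        matched = tuple(
            r.name for r in policy
            if all(lo <= c_lo and c_hi <= hi
                   for (lo, hi), (c_lo, c_hi) in zip(r.ranges, cell))
        )
        if matched:  # cells matched by no rule fall to the default action
            segments[matched].append(cell)
    return dict(segments)


def conflicting_segments(policy, segments):
    """Keep segments whose matching rules disagree on the action."""
    action = {r.name: r.action for r in policy}
    return {names: cells for names, cells in segments.items()
            if len({action[n] for n in names}) > 1}


def correlation_groups(conflicts):
    """Merge conflicting segments that share a rule into correlation groups.

    Returns a list of (rule_names, segments); groups share no rule, so each
    one can be resolved separately.
    """
    groups = []
    for names in conflicts:
        rules, segs = set(names), [names]
        untouched = []
        for g_rules, g_segs in groups:
            if g_rules & rules:
                rules |= g_rules
                segs += g_segs
            else:
                untouched.append((g_rules, g_segs))
        groups = untouched + [(rules, segs)]
    return groups


if __name__ == "__main__":
    conflicts = conflicting_segments(POLICY, segment(POLICY))
    for rules, segs in correlation_groups(conflicts):
        print(sorted(rules), "->", segs)
```

On the sample policy, r3 is pulled into the same group as r1 and r2 only because of the single cell where all three overlap; r4 and r5 form a second, independent group.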
A. Conflict Resolution
Our conflict resolution mechanism assigns an action constraint to each conflicting
segment. An action constraint for a conflicting segment defines a desired action (either Allow or Deny) that the firewall
policy should take when any packet within the conflicting segment comes to the firewall. Then, to resolve the conflict, we
only need to ensure that the action taken for each packet within the conflicting segment satisfies the corresponding action
constraint. To generate action constraints for conflicting segments, we propose a strategy-based conflict resolution method,
which generates the action constraints with the help of effective resolution strategies based on minimal interaction with
system administrators. Figure 2 shows the main processes of this method, which incorporates both automated and manual
strategy selections. Once conflicts in the firewall policy are discovered and conflict correlation groups are identified, the risk
assessment for conflicts is performed.

Figure 2: Strategy-based conflict resolution
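
An added Python sketch (not FAME's own reordering algorithm) of how action constraints drive the reordering step from Section IV: under first-match semantics it searches all permutations of a small correlation group and falls back to a greedy pass for larger ones. The rule names, the constraints and the `exhaustive_limit` cutoff are assumptions made for the example.

```python
from itertools import permutations

# Constructed correlation group (assumption): rule actions in original order,
# and one action constraint per conflicting segment, keyed by the rules
# that match the segment.
RULES = ["a", "b", "c", "d"]
ACTIONS = {"a": "allow", "b": "deny", "c": "allow", "d": "deny"}
CONSTRAINTS = {("a", "b"): "deny", ("b", "c"): "allow", ("a", "c", "d"): "deny"}
# A group where no ordering can satisfy both constraints at once.
UNSAT = {("a", "b"): "allow", ("a", "b", "c"): "deny"}


def effective_action(order, actions, seg_rules):
    """First-match semantics: the earliest rule covering the segment decides."""
    for name in order:
        if name in seg_rules:
            return actions[name]
    return None


def satisfied(order, actions, constraints):
    """Segments whose first-match action equals their action constraint."""
    return [seg for seg, want in constraints.items()
            if effective_action(order, actions, seg) == want]


def reorder_exhaustive(rules, actions, constraints):
    """Try every ordering; ties go to the first permutation generated."""
    return list(max(permutations(rules),
                    key=lambda o: len(satisfied(o, actions, constraints))))


def reorder_greedy(rules, actions, constraints):
    """Place rules one at a time, each time picking the rule that settles the
    most still-open segments correctly minus those it settles wrongly."""
    order, remaining, open_segs = [], list(rules), dict(constraints)
    while remaining:
        def gain(name):
            hits = [want == actions[name]
                    for seg, want in open_segs.items() if name in seg]
            return sum(hits) - (len(hits) - sum(hits))
        best = max(remaining, key=gain)  # ties keep the original rule order
        order.append(best)
        remaining.remove(best)
        # A segment is decided as soon as one of its rules has been placed.
        open_segs = {s: w for s, w in open_segs.items() if best not in s}
    return order


def resolve(rules, actions, constraints, exhaustive_limit=6):
    """Exact search for small groups, greedy approximation otherwise."""
    if len(rules) <= exhaustive_limit:
        return reorder_exhaustive(rules, actions, constraints)
    return reorder_greedy(rules, actions, constraints)


if __name__ == "__main__":
    for name, cons in (("CONSTRAINTS", CONSTRAINTS), ("UNSAT", UNSAT)):
        order = resolve(RULES, ACTIONS, cons)
        print(name, order, f"{len(satisfied(order, ACTIONS, cons))}/{len(cons)}")
```

The `UNSAT` group shows why the result is only near-optimal: when one segment's rules are a subset of another's and the constraints pull in opposite directions, reordering alone cannot satisfy both.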
B. Implementation of FAME
FAME was implemented in Java. Based on our policy anomaly management framework, it consists of 6
components: segmentation module, correlation module, risk assessment module, action constraint generation module, rule
reordering module, and property assignment module. The segmentation module takes the firewall policies as input and
identifies the packet space segments by partitioning the packet space into disjoint subspaces. Our framework is realized as a
proof-of-concept prototype called the Firewall Anomaly Management Environment (FAME). Figure 3 shows a high-level architecture
of FAME with two levels. The upper level is the visualization layer, which presents the results of the policy anomaly
analysis to system administrators. Two visualization interfaces, the policy conflict viewer and the policy redundancy viewer, are
designed to manage policy conflicts and redundancies, respectively. The lower level of the architecture provides underlying
functionalities addressed in our proposed policy anomaly management framework and relevant resources including rule
information, strategy repository, network asset information, and vulnerability information.

Figure 3: Architecture of FAME

V. CONCLUSION

A firewall is a system acting as an interface of a network to one or more external networks, for example, the Internet. It
implements the security policies of the network by deciding which packets to let through based on rules defined by the
network administrator. Any error in defining the rules may compromise the system security by letting unwanted network
traffic pass or blocking desired traffic. Manual definition of the rules often results in a set that contains conflicting,
redundant or overshadowed rules, resulting in anomalies in the policy. Manually detecting and resolving these anomalies is a
critical but tedious and error-prone task. Existing research on this problem has focused on the analysis and
detection of anomalies in the firewall policy. A rule-based segmentation mechanism and a grid-based representation
technique were introduced to achieve the goal of effective and efficient firewall anomaly analysis. In addition, it is
demonstrated that our proposed work is practical and helpful for system administrators in enabling assurable network
management.

REFERENCES
[1] E. Al-Shaer and H. Hamed, “Firewall Policy Advisor for Anomaly Detection and Rule Editing,” Proc. of IEEE/IFIP Integrated Management Conference (IM’2003), March 2003.
[2] E. Al-Shaer and H. Hamed, “Discovery of Policy Anomalies in Distributed Firewalls,” IEEE INFOCOM ’04, vol. 4, pp. 2605-2616, 2004.
[3] L. Yuan, H. Chen, J. Mai, C. Chuah, Z. Su, P. Mohapatra, and C. Davis, “Fireman: A Toolkit for Firewall Modeling and Analysis,” Proc. IEEE Symp. Security and Privacy, p. 15, 2006.
[4] J. Alfaro, N. Boulahia-Cuppens, and F. Cuppens, “Complete Analysis of Configuration Rules to Guarantee Reliable Network Security Policies,” Int’l J. Information Security, vol. 7, no. 2, pp. 103-122, 2008.
[5] F. Baboescu and G. Varghese, “Fast and Scalable Conflict Detection for Packet Classifiers,” Computer Networks, vol. 42, no. 6, pp. 717-735, 2003.
[6] Bartal, Y., Mayer, A., Nissim, K., and Wool, A. Firmato: A novel firewall management toolkit. In IEEE Symposium on Security and Privacy, pp. 17–31, Oakland, California, May, 1999.
[7] Reed, D. IP Filter. [Online]. Available from: http://www.ja.net/CERT/Software/ipfilter/ip-filter.html
[8] Hassan, A. and Hudec, L. Role Based Network Security Model: A Forward Step towards Firewall Management. In Workshop On Security of Information Technologies, Algiers, December, 2003.

 
Ch10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.comCh10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.com
 
10.1.1.92.7063
10.1.1.92.706310.1.1.92.7063
10.1.1.92.7063
 
Cr32585591
Cr32585591Cr32585591
Cr32585591
 
PERFORMANCE EVALUATION OF ENHANCEDGREEDY- TWO-PHASE DEPLOYMENT ALGORITHM
PERFORMANCE EVALUATION OF ENHANCEDGREEDY- TWO-PHASE DEPLOYMENT ALGORITHMPERFORMANCE EVALUATION OF ENHANCEDGREEDY- TWO-PHASE DEPLOYMENT ALGORITHM
PERFORMANCE EVALUATION OF ENHANCEDGREEDY- TWO-PHASE DEPLOYMENT ALGORITHM
 
PERFORMANCE EVALUATION OF ENHANCEDGREEDY-TWO-PHASE DEPLOYMENT ALGORITHM
PERFORMANCE EVALUATION OF ENHANCEDGREEDY-TWO-PHASE DEPLOYMENT ALGORITHMPERFORMANCE EVALUATION OF ENHANCEDGREEDY-TWO-PHASE DEPLOYMENT ALGORITHM
PERFORMANCE EVALUATION OF ENHANCEDGREEDY-TWO-PHASE DEPLOYMENT ALGORITHM
 
A Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptxA Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptx
 
Redundancy removal of rules with reordering them to increase the firewall opt...
Redundancy removal of rules with reordering them to increase the firewall opt...Redundancy removal of rules with reordering them to increase the firewall opt...
Redundancy removal of rules with reordering them to increase the firewall opt...
 
Evaluation the performanc of dmz
Evaluation the performanc of dmzEvaluation the performanc of dmz
Evaluation the performanc of dmz
 
4 (data security in local network using)
4 (data security in local network using)4 (data security in local network using)
4 (data security in local network using)
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 

Mais de IJMER

A Study on Translucent Concrete Product and Its Properties by Using Optical F...
A Study on Translucent Concrete Product and Its Properties by Using Optical F...A Study on Translucent Concrete Product and Its Properties by Using Optical F...
A Study on Translucent Concrete Product and Its Properties by Using Optical F...IJMER
 
Developing Cost Effective Automation for Cotton Seed Delinting
Developing Cost Effective Automation for Cotton Seed DelintingDeveloping Cost Effective Automation for Cotton Seed Delinting
Developing Cost Effective Automation for Cotton Seed DelintingIJMER
 
Study & Testing Of Bio-Composite Material Based On Munja Fibre
Study & Testing Of Bio-Composite Material Based On Munja FibreStudy & Testing Of Bio-Composite Material Based On Munja Fibre
Study & Testing Of Bio-Composite Material Based On Munja FibreIJMER
 
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)IJMER
 
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...IJMER
 
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...IJMER
 
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...IJMER
 
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...IJMER
 
Static Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
Static Analysis of Go-Kart Chassis by Analytical and Solid Works SimulationStatic Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
Static Analysis of Go-Kart Chassis by Analytical and Solid Works SimulationIJMER
 
High Speed Effortless Bicycle
High Speed Effortless BicycleHigh Speed Effortless Bicycle
High Speed Effortless BicycleIJMER
 
Microcontroller Based Automatic Sprinkler Irrigation System
Microcontroller Based Automatic Sprinkler Irrigation SystemMicrocontroller Based Automatic Sprinkler Irrigation System
Microcontroller Based Automatic Sprinkler Irrigation SystemIJMER
 
On some locally closed sets and spaces in Ideal Topological Spaces
On some locally closed sets and spaces in Ideal Topological SpacesOn some locally closed sets and spaces in Ideal Topological Spaces
On some locally closed sets and spaces in Ideal Topological SpacesIJMER
 
Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...IJMER
 
Natural Language Ambiguity and its Effect on Machine Learning
Natural Language Ambiguity and its Effect on Machine LearningNatural Language Ambiguity and its Effect on Machine Learning
Natural Language Ambiguity and its Effect on Machine LearningIJMER
 
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcess
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcessEvolvea Frameworkfor SelectingPrime Software DevelopmentProcess
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcessIJMER
 
Material Parameter and Effect of Thermal Load on Functionally Graded Cylinders
Material Parameter and Effect of Thermal Load on Functionally Graded CylindersMaterial Parameter and Effect of Thermal Load on Functionally Graded Cylinders
Material Parameter and Effect of Thermal Load on Functionally Graded CylindersIJMER
 
Studies On Energy Conservation And Audit
Studies On Energy Conservation And AuditStudies On Energy Conservation And Audit
Studies On Energy Conservation And AuditIJMER
 
An Implementation of I2C Slave Interface using Verilog HDL
An Implementation of I2C Slave Interface using Verilog HDLAn Implementation of I2C Slave Interface using Verilog HDL
An Implementation of I2C Slave Interface using Verilog HDLIJMER
 
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...IJMER
 
Comparing Various SDLC Models On The Basis Of Available Methodology
Comparing Various SDLC Models On The Basis Of Available MethodologyComparing Various SDLC Models On The Basis Of Available Methodology
Comparing Various SDLC Models On The Basis Of Available MethodologyIJMER
 

Mais de IJMER (20)

A Study on Translucent Concrete Product and Its Properties by Using Optical F...
A Study on Translucent Concrete Product and Its Properties by Using Optical F...A Study on Translucent Concrete Product and Its Properties by Using Optical F...
A Study on Translucent Concrete Product and Its Properties by Using Optical F...
 
Developing Cost Effective Automation for Cotton Seed Delinting
Developing Cost Effective Automation for Cotton Seed DelintingDeveloping Cost Effective Automation for Cotton Seed Delinting
Developing Cost Effective Automation for Cotton Seed Delinting
 
Study & Testing Of Bio-Composite Material Based On Munja Fibre
Study & Testing Of Bio-Composite Material Based On Munja FibreStudy & Testing Of Bio-Composite Material Based On Munja Fibre
Study & Testing Of Bio-Composite Material Based On Munja Fibre
 
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)
 
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...
 
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...
 
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...
 
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
 
Static Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
Static Analysis of Go-Kart Chassis by Analytical and Solid Works SimulationStatic Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
Static Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
 
High Speed Effortless Bicycle
High Speed Effortless BicycleHigh Speed Effortless Bicycle
High Speed Effortless Bicycle
 
Microcontroller Based Automatic Sprinkler Irrigation System
Microcontroller Based Automatic Sprinkler Irrigation SystemMicrocontroller Based Automatic Sprinkler Irrigation System
Microcontroller Based Automatic Sprinkler Irrigation System
 
On some locally closed sets and spaces in Ideal Topological Spaces
On some locally closed sets and spaces in Ideal Topological SpacesOn some locally closed sets and spaces in Ideal Topological Spaces
On some locally closed sets and spaces in Ideal Topological Spaces
 
Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...
 
Natural Language Ambiguity and its Effect on Machine Learning
Natural Language Ambiguity and its Effect on Machine LearningNatural Language Ambiguity and its Effect on Machine Learning
Natural Language Ambiguity and its Effect on Machine Learning
 
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcess
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcessEvolvea Frameworkfor SelectingPrime Software DevelopmentProcess
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcess
 
Material Parameter and Effect of Thermal Load on Functionally Graded Cylinders
Material Parameter and Effect of Thermal Load on Functionally Graded CylindersMaterial Parameter and Effect of Thermal Load on Functionally Graded Cylinders
Material Parameter and Effect of Thermal Load on Functionally Graded Cylinders
 
Studies On Energy Conservation And Audit
Studies On Energy Conservation And AuditStudies On Energy Conservation And Audit
Studies On Energy Conservation And Audit
 
An Implementation of I2C Slave Interface using Verilog HDL
An Implementation of I2C Slave Interface using Verilog HDLAn Implementation of I2C Slave Interface using Verilog HDL
An Implementation of I2C Slave Interface using Verilog HDL
 
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...
Application of Parabolic Trough Collectorfor Reduction of Pressure Drop in Oi...
 
Comparing Various SDLC Models On The Basis Of Available Methodology
Comparing Various SDLC Models On The Basis Of Available MethodologyComparing Various SDLC Models On The Basis Of Available Methodology
Comparing Various SDLC Models On The Basis Of Available Methodology
 

Último

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

An Effective Policy Anomaly Management Framework for Firewalls

www.ijmer.com International Journal of Modern Engineering Research (IJMER)
Vol. 3, Issue. 5, Sep - Oct. 2013 pp-2916-2919 ISSN: 2249-6645

An Effective Policy Anomaly Management Framework for Firewalls
Akula Kranthi Kumar1, Syed Gulam Gouse2
1 M.Tech, Nimra College of Engineering & Technology, Vijayawada, A.P., India.
2 Professor, Dept. of CSE, Nimra College of Engineering & Technology, Vijayawada, A.P., India.

ABSTRACT: Firewalls are devices or programs that control the flow of network traffic between hosts or networks that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in various other network environments. At one time, most firewalls were deployed at the network perimeters. This provided some measure of protection for internal hosts, but it could not recognize all instances and forms of attacks, and attacks sent from one internal host to another often do not pass through network firewalls. Because of these and other factors, network designers now often include firewall functionality at places other than the network perimeter to provide an additional layer of network security. Due to the increasing threat of network attacks, firewalls have become important integrated elements not only in enterprise networks but also in small-size and home networks. Firewalls have been the frontier defense for secure networks against attacks and unauthorized traffic by filtering out unnecessary network traffic coming into or going from the secured network. In this paper, we present an effective policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions.

Keywords: Anomalies, FAME, Firewall, Policies.

I. INTRODUCTION
With the global Internet connection, network security has gained significant attention in both the research and industrial communities.
Due to the increasing threat of network attacks, firewalls have become important integrated elements not only in enterprise networks but also in small-size and home networks. A firewall is a security guard placed at the point of entry between a private network and the outside Internet so that all incoming and outgoing traffic has to pass through it. A packet can be viewed as a tuple with a finite number of fields; examples of these fields are source/destination IP address, source/destination port number, and protocol type. By examining the values of these fields for each incoming and outgoing packet, a firewall accepts legal packets and discards illegitimate ones according to its configuration. A firewall configuration defines which packets are legal and which are illegal. An error in a firewall configuration means that some packets are wrongly defined as legitimate or illegitimate, which will either allow unauthorized access from the outside Internet to the private network, or disable some legitimate communication between the private network and the outside network. How to design a correct firewall configuration is therefore a very important security issue.

Firewalls have been the frontier defense for secure networks against many attacks and unauthorized traffic by filtering out unwanted network traffic coming into or going from the secured network. The filtering decision is taken according to a set of ordered filtering rules written based on the predefined security policy requirements. Although deployment of firewall technology is an important step toward securing networks, the complexity of managing firewall policy might limit the effectiveness of firewall security. A firewall policy may include anomalies, where a network packet may match two or more different filtering rules.
When the filtering rules are defined, serious attention has to be given to rule relations and interactions in order to determine the proper rule ordering and to guarantee correct security policy semantics. As the number of filtering rules increases, the difficulty of writing a new rule or modifying an existing one also increases. It is very likely, in this case, to introduce conflicting rules, such as one general rule shadowing another specific rule, or correlated rules whose relative ordering determines different actions for the same packet. In addition, a typical large-scale enterprise network might involve hundreds of rules that might be written by various administrators at various times. This significantly increases the potential for anomalies in the firewall policy, jeopardizing the security of the protected network [1]. Therefore, the effectiveness of firewall security depends on providing policy management techniques and tools that enable network administrators to analyze and verify the correctness of written firewall legacy rules.

II. RELATED WORK
Effective mechanisms and tools for policy management are crucial to the success of firewalls. Recently, policy anomaly detection has received a great deal of attention [2], [3], [4], [5]. Corresponding policy analysis tools, such as Firewall Policy Advisor [2] and FIREMAN [3], have been introduced with the goal of detecting policy anomalies. Firewall Policy Advisor only has the capability of detecting pairwise anomalies in firewall rules. FIREMAN can detect anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived from all the preceding rules. However, FIREMAN also has several limitations in detecting anomalies [4]. For each firewall rule, FIREMAN only examines all the preceding rules but ignores all subsequent rules when performing anomaly analysis.
In addition, each analysis result from FIREMAN can only show that there is a misconfiguration between one rule and its preceding rules, but cannot accurately indicate all the rules involved in an anomaly.
A first approach to addressing our problem domain is the use of refinement mechanisms. In this way, we can perform a top-down deployment of the rules by unfolding a global set of security policies into the configurations of several components and guaranteeing that those deployed configurations are free of anomalies. In [6], for example, the authors present a refinement method that uses a formal model for the generation of filtering rules by transforming general rules into specific configuration rules. Indeed, the authors propose the use of roles to better define network capabilities, and the use of an inheritance mechanism through a hierarchy of entities to automatically generate permissions and prohibitions. A second refinement approach based on the concept of roles is also presented in [7]. However, although the authors claim that their work is based on the Role Based Access Control (RBAC) model, their specification of the network entities, roles, and permission assignments is not rigorous and does not fit any reality. Most of these limitations are solved in the approach presented in [8], where a global set of rules based on the Organization Based Access Control (OrBAC) model [2] is further deployed into specific firewall configuration files through a transformation process. Generally, administrators are reluctant to set up a whole network security policy from scratch, and prefer recycling existing configurations.

III. FIREWALL POLICIES AND ANOMALIES
A firewall policy rule is defined as a set of criteria and an action to perform when a network packet matches the criteria. The criteria of a rule consist of the elements direction, protocol, source port, source IP, destination IP and destination port.
Therefore a complete rule may be defined by the ordered tuple <direction, protocol, source IP, source port, destination IP, destination port, action>. Each attribute can be defined as a range of values, which can be represented and analyzed as sets. The relation between two rules essentially means the relation between the sets of packets they match. Thus the action field does not come into play when considering the relation between two rules. A firewall policy anomaly is defined as the existence of two or more firewall filtering rules that may match the same packet. The existence of a rule that can never match any network packet on the network paths that cross the firewall also causes an anomaly. To date, five types of anomalies have been identified: Shadowing Anomalies, Correlation Anomalies, Generalization Anomalies, Redundancy Anomalies, and Irrelevance Anomalies.

Shadowing anomaly: Two rules have a shadowing anomaly when the rule that comes first in the rule set matches all the packets, so that the second rule, positioned after the first in the rule set, never gets a chance to match any packet.

Correlation anomaly: Two rules have a correlation anomaly if both rules match some common packets; that is, the first rule matches some packets that are also matched by the second rule.

Generalization anomaly: Of two ordered rules, one is a generalization of the other if the first rule matches all the packets that can also be matched by the second rule but the actions of the two rules differ.

Redundancy anomaly: Two rules are redundant if both rules match some packets and the action performed is also the same. Removing one of the redundant rules from the rule set therefore has no effect on the firewall policy.
Irrelevance anomaly: A rule is irrelevant if, for a given time interval, it does not match any network packet, either incoming or outgoing. If no packets match the rule, it is irrelevant, i.e., there is no need to keep that rule in the rule set.

IV. ANOMALY MANAGEMENT FRAMEWORK

Our proposed policy anomaly management framework is composed of two core functionalities: conflict detection and resolution, and redundancy discovery and removal, as depicted in Figure 1. Both functionalities are based on the rule-based segmentation technique. For conflict detection and resolution, conflicting segments are identified in the first step. Each conflicting segment is associated with a policy conflict and a set of conflicting rules. The correlation relationships among the conflicting segments are also identified, and conflict correlation groups (CG) are derived. Policy conflicts belonging to different conflict correlation groups can be resolved separately; thus, the correlation process reduces the search space for resolving the conflicts. The second step generates an action constraint for each conflicting segment by examining the characteristics of that segment. A strategy-based method is introduced for generating the action constraints. The third step uses a reordering algorithm, which combines a permutation algorithm and a greedy algorithm, to discover a near-optimal resolution for the policy conflicts. For redundancy discovery and removal, the segment correlation groups are identified first. Then, property assignment is performed on each rule's subspaces.
Figure 1: Policy anomaly management framework

A. Conflict Resolution

Our conflict resolution mechanism assigns an action constraint to each conflicting segment. An action constraint for a conflicting segment defines the desired action (either Allow or Deny) that the firewall policy should take when any packet within the conflicting segment reaches the firewall. Then, to resolve the conflict, we only need to ensure that the action taken for each packet within the conflicting segment satisfies the corresponding action constraint. To generate action constraints for conflicting segments, we propose a strategy-based conflict resolution method, which generates the action constraints with the help of effective resolution strategies based on minimal interaction with system administrators. Figure 2 shows the main processes of this method, which incorporates both automated and manual strategy selection. Once conflicts in the firewall policy are discovered and conflict correlation groups are identified, the risk assessment for conflicts is performed.

Figure 2: Strategy-based conflict resolution

B. Implementation of FAME

FAME was implemented in Java. Based on our policy anomaly management framework, it consists of 6 components: segmentation module, correlation module, risk assessment module, action constraint generation module, rule reordering module, and property assignment module. The segmentation module takes the firewall policies as input and identifies the packet space segments by partitioning the packet space into disjoint subspaces. Our framework is realized as a proof-of-concept prototype called Firewall Anomaly Management Environment. Figure 3 shows a high-level architecture of FAME with two levels.
The upper level is the visualization layer, which visualizes the results of the policy anomaly analysis to system administrators. Two visualization interfaces, the policy conflict viewer and the policy redundancy viewer, are designed to manage policy conflicts and redundancies, respectively. The lower level of the architecture provides underlying
functionalities addressed in our proposed policy anomaly management framework and relevant resources including rule information, strategy repository, network asset information, and vulnerability information.

Figure 3: Architecture of FAME

V. CONCLUSION

A firewall is a system acting as an interface of a network to one or more external networks, for example, the Internet. It implements the security policies of the network by deciding which packets to let through based on rules defined by the network administrator. Any error in defining the rules may compromise the system security by letting unwanted network traffic pass or blocking desired traffic. Manual definition of the rules often results in a set that contains conflicting, redundant or overshadowed rules, resulting in anomalies in the policy. Manually detecting and resolving these anomalies is a critical but tedious and error-prone task. Existing research on this problem has focused on the analysis and detection of anomalies in the firewall policy. A rule-based segmentation mechanism and a grid-based representation technique were introduced to achieve the goal of effective and efficient firewall anomaly analysis. In addition, it is demonstrated that our proposed work is practical and helpful for system administrators to enable an assurable network management.

REFERENCES

[1] E. Al-Shaer and H. Hamed, “Firewall Policy Advisor for Anomaly Detection and Rule Editing,” Proc. of IEEE/IFIP Integrated Management Conference (IM’2003), March 2003.
[2] E. Al-Shaer and H. Hamed, “Discovery of Policy Anomalies in Distributed Firewalls,” IEEE INFOCOM ’04, vol. 4, pp. 2605-2616, 2004.
[3] L. Yuan, H. Chen, J. Mai, C. Chuah, Z. Su, P. Mohapatra, and C. Davis, “Fireman: A Toolkit for Firewall Modeling and Analysis,” Proc. IEEE Symp. Security and Privacy, p. 15, 2006.
[4] J. Alfaro, N. Boulahia-Cuppens, and F. Cuppens, “Complete Analysis of Configuration Rules to Guarantee Reliable Network Security Policies,” Int’l J. Information Security, vol. 7, no. 2, pp. 103-122, 2008.
[5] F. Baboescu and G. Varghese, “Fast and Scalable Conflict Detection for Packet Classifiers,” Computer Networks, vol. 42, no. 6, pp. 717-735, 2003.
[6] Y. Bartal, A. Mayer, K. Nissim, and A. Wool, “Firmato: A Novel Firewall Management Toolkit,” IEEE Symposium on Security and Privacy, pp. 17-31, Oakland, California, May 1999.
[7] D. Reed, “IP Filter.” [Online]. Available from: http://www.ja.net/CERT/Software/ipfilter/ip-filter.html
[8] A. Hassan and L. Hudec, “Role Based Network Security Model: A Forward Step towards Firewall Management,” Workshop on Security of Information Technologies, Algiers, December 2003.