• DocumentCode
    635513
  • Title

    An approach to the generalization of firewall rules

  • Author

    Wei Li ; Haishan Wan ; Sheng Li

  • Author_Institution
    Grad. Sch. of Comput. & Inf. Sci., Nova Southeastern Univ., Fort Lauderdale, FL, USA
  • fYear
    2013
  • fDate
    16-20 June 2013
  • Firstpage
    201
  • Lastpage
    206
  • Abstract
    Modern firewalls are becoming complex, and anomalies may exist in their rule sets. Security log data, such as firewall logs and logs generated by intrusion detection systems, could provide useful information for the update and addition of existing firewall rule sets. In this paper, we focus on the development of an effective mechanism for firewall rule generation, and propose an algorithm called the Domain-Specific Rule Generation (DSRG) algorithm. The algorithm integrates domain-specific network configuration information to help with the generalization of firewall rules based on security log data. These generalized rules could help with the anomaly check or be used as an addition to existing rule sets.
  • Keywords
    authorisation; firewalls; system monitoring; DSRG algorithm; anomaly check; domain-specific network configuration information; domain-specific rule generation algorithm; firewall logs; firewall rule generalization approach; firewall rule generation; firewall rule sets; intrusion detection systems; security log data; Clustering algorithms; IP networks; Intrusion detection; Ports (Computers); Protocols; Telecommunication traffic; firewall; rule generalization; security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer and Information Science (ICIS), 2013 IEEE/ACIS 12th International Conference on
  • Conference_Location
    Niigata
  • Type

    conf

  • DOI
    10.1109/ICIS.2013.6607841
  • Filename
    6607841