DocumentCode
685818
Title
Firewall log analysis and dynamic rule re-ordering in firewall policy anomaly management framework
Author
Lubna, K. ; Cyiac, Robin ; Kavitha Karun, A.
Author_Institution
Dept. of Comput. Sci. & Eng., Rajagiri Sch. of Eng. & Technol., Kochi, India
fYear
2013
fDate
12-14 Dec. 2013
Firstpage
853
Lastpage
856
Abstract
Today, there are many more ways to communicate than there were just a few years ago, and among them the Internet plays a major role. Firewalls are essential for secure network communication, ensuring that only trusted packets are transferred between the private and public networks. In a firewall, the security policy is implemented based on rules defined by the network administrator, which decide which packets are allowed into an organization's private network. Manual definition of rules often results in anomalies in the policy. Therefore, an effective anomaly detection and resolution approach is needed. After these conflicts are resolved, the rules can be re-ordered dynamically, which improves the efficiency of the anomaly management framework. With firewall log analysis, frequently used rules can be set as primitive rules, to which more security can be added.
Keywords
Internet; data mining; firewalls; trusted computing; Internet; anomaly detection; association rule mining; dynamic rule re-ordering; firewall log analysis; firewall policy anomaly management framework; network administrator; organization private network; public network; resolution approach; secure network communication; security policy; trusted packets; Association rules; Filtering; IP networks; Internet; Ports (Computers); association rule mining; firewall logs; policy anomaly; rule re-ordering;
fLanguage
English
Publisher
IEEE
Conference_Titel
Green Computing, Communication and Conservation of Energy (ICGCE), 2013 International Conference on
Conference_Location
Chennai
Type
conf
DOI
10.1109/ICGCE.2013.6823553
Filename
6823553