Firewall filtering rules analysis for anomalies detection

Adel Bouhoula; Zouheir Trabelsi; Ezedin Barka; Mohammed Anis Benelbahri

doi:10.1504/IJSN.2008.020090

Firewall filtering rules analysis for anomalies detection

Adel Bouhoula, Zouheir Trabelsi, Ezedin Barka, Mohammed Anis Benelbahri

Department of Information System and Security

Research output: Contribution to journal › Article › peer-review

16 Citations (Scopus)

Abstract

Firewalls are key components in network security architectures. A firewall controls the access into and from the network based on a set of predefined filtering rules. Hence, choosing well defined and coherent filtering rules becomes the important factor towards the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewalls filtering rules. In fact, we define a process that starts with defining a matrix to represent the list of the filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet's field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.

Original language	English
Pages (from-to)	161-172
Number of pages	12
Journal	International Journal of Security and Networks
Volume	3
Issue number	3
DOIs	https://doi.org/10.1504/IJSN.2008.020090
Publication status	Published - 2008

Keywords

Anomalies
Filtering rules
Firewall
Security policy
Security policy conflict

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1504/IJSN.2008.020090

Cite this

@article{a3c48e696133445588c3054f7081184e,

title = "Firewall filtering rules analysis for anomalies detection",

abstract = "Firewalls are key components in network security architectures. A firewall controls the access into and from the network based on a set of predefined filtering rules. Hence, choosing well defined and coherent filtering rules becomes the important factor towards the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewalls filtering rules. In fact, we define a process that starts with defining a matrix to represent the list of the filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet's field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.",

keywords = "Anomalies, Filtering rules, Firewall, Security policy, Security policy conflict",

author = "Adel Bouhoula and Zouheir Trabelsi and Ezedin Barka and Benelbahri, {Mohammed Anis}",

year = "2008",

doi = "10.1504/IJSN.2008.020090",

language = "English",

volume = "3",

pages = "161--172",

journal = "International Journal of Security and Networks",

issn = "1747-8405",

publisher = "Inderscience Enterprises Ltd",

number = "3",

}

TY - JOUR

T1 - Firewall filtering rules analysis for anomalies detection

AU - Bouhoula, Adel

AU - Trabelsi, Zouheir

AU - Barka, Ezedin

AU - Benelbahri, Mohammed Anis

PY - 2008

Y1 - 2008

N2 - Firewalls are key components in network security architectures. A firewall controls the access into and from the network based on a set of predefined filtering rules. Hence, choosing well defined and coherent filtering rules becomes the important factor towards the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewalls filtering rules. In fact, we define a process that starts with defining a matrix to represent the list of the filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet's field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.

AB - Firewalls are key components in network security architectures. A firewall controls the access into and from the network based on a set of predefined filtering rules. Hence, choosing well defined and coherent filtering rules becomes the important factor towards the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewalls filtering rules. In fact, we define a process that starts with defining a matrix to represent the list of the filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet's field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.

KW - Anomalies

KW - Filtering rules

KW - Firewall

KW - Security policy

KW - Security policy conflict

UR - http://www.scopus.com/inward/record.url?scp=79951637895&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79951637895&partnerID=8YFLogxK

U2 - 10.1504/IJSN.2008.020090

DO - 10.1504/IJSN.2008.020090

M3 - Article

AN - SCOPUS:79951637895

SN - 1747-8405

VL - 3

SP - 161

EP - 172

JO - International Journal of Security and Networks

JF - International Journal of Security and Networks

IS - 3

ER -

Firewall filtering rules analysis for anomalies detection

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this