Firewall filtering rules analysis for anomalies detection

Adel Bouhoula, Zouheir Trabelsi, Ezedin Barka, Mohammed Anis Benelbahri

Research output: Contribution to journal, Article, peer-review

16 Citations (Scopus)

Abstract

Firewalls are key components in network security architectures. A firewall controls access into and from the network based on a set of predefined filtering rules. Hence, choosing well-defined and coherent filtering rules becomes an important factor in the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewall filtering rules. We define a process that starts by defining a matrix to represent the list of filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.

Original language: English
Pages (from-to): 161-172
Number of pages: 12
Journal: International Journal of Security and Networks
Volume: 3
Issue number: 3
Publication status: Published - 2008

Keywords

  • Anomalies
  • Filtering rules
  • Firewall
  • Security policy
  • Security policy conflict

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
