TY - GEN
T1 - Handling anomalies in distributed firewalls
AU - Bouhoula, Adel
AU - Trabelsi, Zouheir
PY - 2006
Y1 - 2006
N2 - Distributed Firewalls filter the incoming and outgoing network traffic based on a set of predefined filtering rules. The filtering rules have to be well defined and coherent in order to guarantee the desired responses of the Firewalls. In this paper, we propose an inference system for detecting all anomalies that could exist in a multi-Firewall network environment. Three classes of anomalies are described, namely, the Redundancy, Locking and Incoherence anomalies. Then, we give an example of common network architecture with the corresponding filtering policy. The example demonstrates how anomalies can be easily detected using the proposed inference model. Related works are discussed; and it will be demonstrated that the proposed inference model is more simple and general than related models.
KW - Anomalies
KW - Distributed firewall
KW - Filtering rules
KW - Inference system
KW - Security policy
UR - http://www.scopus.com/inward/record.url?scp=50049097605&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50049097605&partnerID=8YFLogxK
U2 - 10.1109/INNOVATIONS.2006.301921
DO - 10.1109/INNOVATIONS.2006.301921
M3 - Conference contribution
AN - SCOPUS:50049097605
SN - 1424406749
SN - 9781424406746
T3 - 2006 Innovations in Information Technology, IIT
BT - 2006 Innovations in Information Technology, IIT
T2 - 2006 Innovations in Information Technology, IIT
Y2 - 19 November 2006 through 21 November 2006
ER -