Formal approach for managing firewall misconfigurations

Saâdaoui, Amina; Souayeh, Nihel Ben Youssef Ben; Bouhoula, Adel

doi:10.1109/rcis.2014.6861044

Cited by 12 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Referring to Table 5, the average ( ̅ ) of the five administrators' confidence for resolving ten scenarios of rule anomalies based on their skills for the traditional firewall is equal to 2.68; however, the average confidence of our proposed firewall which is a recommendation system based on probability is 4.16, which the confidence rate of the proposed firewall increased by 29.6% from the conventional firewall. In the case of evaluating reliability between raters, we apply Kappa statistics [19] in the equation (14) with the data from Table 5. The reliability value between the interraters of the conventional firewall is equal to 0.379, which means that the reliability is at a fair agreement as shown in Table 6.…”

Section: Implementation and Performance Evaluationmentioning

confidence: 99%

“…They claimed that the processing time and number of packet hits are better than the traditional and FIREMAN [13] firewall. FPQE [14] is an automated system to resolve rule anomalies, which does not require any admin intervention. It uses an automatic rule removal in the case of redundancy and contradiction anomaly, and uses an automatic rule permutation against shadowing and correlation.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

Khummanee¹,

Chomphuwiset²,

Pruksasri³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Firewalls are controlled by rules which often incur anomalies. The anomalies are considered serious problems that administrators do not desire to happen over their firewalls because they cause more vulnerabilities and decrease the overall performance of the firewall. Resolving anomaly rules that have already occurred on the firewall is difficult and mainly depends on the firewall administrator's discretion. In this paper, a model is designed and developed to assist administrators to make effective decisions for optimizing anomaly rules using the probability approach (Bayesian). In this model, the firewall needs to add four property fields (Extra fields) to the firewall rules: frequency of packets matching against rules, evidence of creating rules, the expertise of rules creator and protocol priority. These fields are used to calculate the probability of each firewall rule. The probability for each rule is used while the rules conflict and administrators need to resolve them. The rule having the highest probability value indicates that it has the highest priority in consideration. Experimental results show that the proposed model allows firewall administrators to make significant decisions about solving anomaly rules. The data structure of this model is based on k-ary tree, therefore the speed of building tree, time complexity and space complexity: O(n), O(logmn) and O(m*n) respectively. Besides, the confidence of the proposed firewall for resolving firewall rule anomalies of the administrator increase by 29.6% against the traditional firewall, and the reliability value between the inter-raters also increase by 13.1%.

show abstract

Section: Implementation and Performance Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

Khummanee¹,

Chomphuwiset²,

Pruksasri³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

show abstract

“…Firewall behaviour-based grouping [12] was also used to resolve conflicts with firewall rules, and the authors claim that the method takes less processing time and has higher packet matching than FIREMAN [13]. FPQE [14] is an automated method used to resolve rule conflicts without administrative intervention. The rules are corrected by deletion if they are detected as a redundant anomaly, but ruleswapping is applied when a shadowing or correlation anomaly is detected.…”

Section: Introductionmentioning

confidence: 99%

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Khummanee

Chomphuwiset

Pruksasri

2022

ECTI-CIT Transactions

View full text Add to dashboard Cite

Currently, establishing a private network on the Internet is highly hazardous for attacks as attackers continuously scan computers for vulnerabilities within the connected network. The firewall ranked the highest as a network device is selected to protect unauthorized accesses and attacks. However, firewalls can effectively protect against assaults based on adequately defined rules without any anomalies. In order to resolve anomaly problems and assist firewall admins with the ability to manage the rules effectively, in this paper, a prototype of the decision support system has been designed and developed for encouraging admins to optimize firewall rules and minimize deficiencies that occur in rules by using the probability approach. The experimental results clearly show that the developed model encourages experts and administrators of firewalls to make significant decisions to resolve rule anomalies by expert's confidence increases by 14.8 %, and administrators' confidence soars similarly about 44.2 %. Lastly, the accuracy of correcting rule anomalies is 83 %.

show abstract

Automated and Optimized Formal Approach to Verify SDN Access-Control Misconfigurations

Saâdaoui

Souayeh

Bouhoula

2019

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Formal approach for managing firewall misconfigurations

Cited by 12 publications

References 9 publications

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Automated and Optimized Formal Approach to Verify SDN Access-Control Misconfigurations

Contact Info

Product

Resources

About