Abstract
A firewall is generally the first layer of defense in network security: its rules specify whether incoming and outgoing network traffic is allowed or rejected. However, firewall rules are prone to ‘erratic’ operation because of the human errors involved in creating the rule-set. In this paper, we provide an overview of anomaly detection in firewall rule-sets and its applications.
Notes
1. This is a simplification: possible rule actions include accept, drop, reject and log, amongst others.
2. IANA suggests the range [49152, 65535] for ephemeral ports, although in practice it is commonly constrained to [1024, 65535]; please see http://www.iana.org/assignments/port-numbers (last accessed June 8th, 2018).
3. The application layer is the seventh layer of the OSI model, the highest and the most abstracted from the mechanics of network communication.
4. A socket simply represents the combination of IP address and port number to which a packet is sent.
© 2019 Springer Nature Switzerland AG
Cite this paper
Clincy, V., Shahriar, H. (2019). Detection of Anomaly in Firewall Rule-Sets. In: Abawajy, J., Choo, KK., Islam, R., Xu, Z., Atiquzzaman, M. (eds) International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018. ATCI 2018. Advances in Intelligent Systems and Computing, vol 842. Springer, Cham. https://doi.org/10.1007/978-3-319-98776-7_46
DOI: https://doi.org/10.1007/978-3-319-98776-7_46
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98775-0
Online ISBN: 978-3-319-98776-7
eBook Packages: Intelligent Technologies and Robotics (R0)