Firewall ruleset visualization analysis tool based on segmentation

Hyungseok Kim, Sukjun Ko, Dong Seong Kim, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

Original languageEnglish
Title of host publication2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-8
Number of pages8
Volume2017-October
ISBN (Electronic)9781538626931
DOIs
Publication statusPublished - 2017 Oct 6
Event14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017 - Phoenix, United States
Duration: 2017 Oct 2 → …

Other

Other14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017
CountryUnited States
CityPhoenix
Period17/10/2 → …

Fingerprint

Visualization
Electric current control
Managers
Inspection
Feedback
Industry

Keywords

  • D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming
  • K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition

Cite this

Kim, H., Ko, S., Kim, D. S., & Kim, H. K. (2017). Firewall ruleset visualization analysis tool based on segmentation. In 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017 (Vol. 2017-October, pp. 1-8). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/VIZSEC.2017.8062196

Firewall ruleset visualization analysis tool based on segmentation. / Kim, Hyungseok; Ko, Sukjun; Kim, Dong Seong; Kim, Huy Kang.

2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. Vol. 2017-October Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-8.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, H, Ko, S, Kim, DS & Kim, HK 2017, Firewall ruleset visualization analysis tool based on segmentation. in 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. vol. 2017-October, Institute of Electrical and Electronics Engineers Inc., pp. 1-8, 14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017, Phoenix, United States, 17/10/2. https://doi.org/10.1109/VIZSEC.2017.8062196
Kim H, Ko S, Kim DS, Kim HK. Firewall ruleset visualization analysis tool based on segmentation. In 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. Vol. 2017-October. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-8 https://doi.org/10.1109/VIZSEC.2017.8062196
Kim, Hyungseok ; Ko, Sukjun ; Kim, Dong Seong ; Kim, Huy Kang. / Firewall ruleset visualization analysis tool based on segmentation. 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. Vol. 2017-October Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-8
@inproceedings{7cfa1b764910440090adba511be11ea3,
title = "Firewall ruleset visualization analysis tool based on segmentation",
abstract = "Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.",
keywords = "D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming, K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)",
author = "Hyungseok Kim and Sukjun Ko and Kim, {Dong Seong} and Kim, {Huy Kang}",
year = "2017",
month = "10",
day = "6",
doi = "10.1109/VIZSEC.2017.8062196",
language = "English",
volume = "2017-October",
pages = "1--8",
booktitle = "2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Firewall ruleset visualization analysis tool based on segmentation

AU - Kim, Hyungseok

AU - Ko, Sukjun

AU - Kim, Dong Seong

AU - Kim, Huy Kang

PY - 2017/10/6

Y1 - 2017/10/6

N2 - Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

AB - Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

KW - D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming

KW - K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)

UR - http://www.scopus.com/inward/record.url?scp=85050737555&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050737555&partnerID=8YFLogxK

U2 - 10.1109/VIZSEC.2017.8062196

DO - 10.1109/VIZSEC.2017.8062196

M3 - Conference contribution

AN - SCOPUS:85050737555

VL - 2017-October

SP - 1

EP - 8

BT - 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -