HSViz: Hierarchy Simplified Visualizations for Firewall Policy Analysis

Hyunjung Lee, Suryeon Lee, Kyounggon Kim, Huy Kang Kim

Research output: Contribution to journalArticlepeer-review

Abstract

Most of the companies have firewalls in order to protect their internal networks and assets from the attacker of the cyber space. Firewall policies should be maintained and organized with high importance. However, considering the length of time needed in analyzing the highly complex policies and the risks of disabling firewall that may arise in case of a false policy setting. It is extremely hard to securely optimize the performance of firewalls. This paper is to suggest a visualization tool that shows the status and the types of policies applied throughout the firewalls so that such difficulties related to the maintenance of firewall policies can be resolved. The proposed tool is designed in six different angles; (1) Hierarchy-view, (2) Anomaly-view, (3) Distributed-view, (4) ANYPolicy-view, (5) SearchResult-view, and (6) Top and Bottom Used-view. The core of the overall function is to facilitate the easy identification of the policy interrelationships. The visualization tool has been tested by being applied across approximately 24 different firewall policies. The processing speed of each function and abuse detection rate were all reviewed positively. By the help of the tool, identifying the services, performance improvement, and visibility of the policy relations, which thereby will lead to better safety in preserving the assets intact. A video of the proposed visualization tool can be found on the web site: https://youtu.be/43OfHN8dteU

Original languageEnglish
Article number9420661
Pages (from-to)71737-71753
Number of pages17
JournalIEEE Access
Volume9
DOIs
Publication statusPublished - 2021

Keywords

  • Firewall policy visualization
  • data visualization
  • policy analysis
  • rule anomaly detection

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Fingerprint

Dive into the research topics of 'HSViz: Hierarchy Simplified Visualizations for Firewall Policy Analysis'. Together they form a unique fingerprint.

Cite this