Practical firewall policy inspection using anomaly detection and its visualization

Ui Hyong Kim, Jung Min Kang, Jae Sung Lee, Hyong Shik Kim, Soon Young Jung

Research output: Contribution to journal (Article)

Abstract

Due to increasing cyber threats, the firewall has become one of the core elements of network security. The effectiveness of firewall security depends on the policy management techniques provided. For this reason, an automatic tool that is actually applicable to running firewalls and easy for administrators to use is highly needed. This paper presents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on, which many administrators set over time, and on detecting illegal servers. In addition, the tool supports a large number of rules at high speed using an efficient N-ary tree module. Experimental results using real organizations' rules are presented. Finally, this paper illustrates an easy 3D visualization, even for non-experts.

Original language: English
Pages (from-to): 5475-5489
Number of pages: 15
Journal: Information (Japan)
Volume: 16
Issue number: 8 A
Publication status: Published - 2013 Aug

Keywords

  • Anomaly
  • FPA
  • FPC
  • Firewall
  • Policy
  • Visualization

ASJC Scopus subject areas

  • Information Systems


Cite this

Kim, U. H., Kang, J. M., Lee, J. S., Kim, H. S., & Jung, S. Y. (2013). Practical firewall policy inspection using anomaly detection and its visualization. Information (Japan), 16(8 A), 5475-5489.