Practical firewall policy inspection using anomaly detection and its visualization

Ui Hyong Kim; Jung Min Kang; Jae Sung Lee; Hyong Shik Kim; Soon Young Jung

doi:10.1007/s11042-013-1673-8

Practical firewall policy inspection using anomaly detection and its visualization

Ui Hyong Kim, Jung Min Kang, Jae Sung Lee, Hyong Shik Kim, Soon Young Jung

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)

Abstract

Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

Original language	English
Pages (from-to)	627-641
Number of pages	15
Journal	Multimedia Tools and Applications
Volume	71
Issue number	2
DOIs	https://doi.org/10.1007/s11042-013-1673-8
Publication status	Published - 2014 Jul

Keywords

Anomaly
FPA
FPC
Firewall
Policy
Visualization

ASJC Scopus subject areas

Software
Media Technology
Hardware and Architecture
Computer Networks and Communications

Access to Document

10.1007/s11042-013-1673-8

Cite this

@article{6f5f8b08982e4095862d78cc37a247a6,

title = "Practical firewall policy inspection using anomaly detection and its visualization",

abstract = "Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.",

keywords = "Anomaly, FPA, FPC, Firewall, Policy, Visualization",

author = "Kim, {Ui Hyong} and Kang, {Jung Min} and Lee, {Jae Sung} and Kim, {Hyong Shik} and Jung, {Soon Young}",

year = "2014",

month = jul,

doi = "10.1007/s11042-013-1673-8",

language = "English",

volume = "71",

pages = "627--641",

journal = "Multimedia Tools and Applications",

issn = "1380-7501",

publisher = "Springer Netherlands",

number = "2",

}

TY - JOUR

T1 - Practical firewall policy inspection using anomaly detection and its visualization

AU - Kim, Ui Hyong

AU - Kang, Jung Min

AU - Lee, Jae Sung

AU - Kim, Hyong Shik

AU - Jung, Soon Young

PY - 2014/7

Y1 - 2014/7

N2 - Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

AB - Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

KW - Anomaly

KW - FPA

KW - FPC

KW - Firewall

KW - Policy

KW - Visualization

UR - http://www.scopus.com/inward/record.url?scp=84903817464&partnerID=8YFLogxK

U2 - 10.1007/s11042-013-1673-8

DO - 10.1007/s11042-013-1673-8

M3 - Article

AN - SCOPUS:84903817464

SN - 1380-7501

VL - 71

SP - 627

EP - 641

JO - Multimedia Tools and Applications

JF - Multimedia Tools and Applications

IS - 2

ER -

Practical firewall policy inspection using anomaly detection and its visualization

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this