Analysis of Firewall Policy Rules Using Data Mining Techniques Export

@inproceedings{citeulike:1887272, abstract = {Firewall is the de facto core technology of today's network security and defense. However, the management of firewall rules has been proven to be complex, error-prone, costly and inefficient for many large-networked organizations. These firewall rules are mostly custom-designed and hand-written thus in constant need for tuning and validation, due to the dynamic nature of the traffic characteristics, ever-changing network environment and its market demands. One of the main problems that we address in this paper is that how much the firewall rules are useful, up-to-dated, well-organized or efficient to reflect the current characteristics of network traffics. In this paper, we present a set of techniques and algorithms to analysis and manage firewall policy rules: (1) data mining technique to deduce efficient firewall policy rules by mining its network traffic log based on its frequency, (2) filtering-rule generalization (FRG) to reduce the number of policy rules by generalization, and (3) a technique to identify any decaying rule and a set of few dominant rules, to generate a new set of efficient firewall policy rules. The anomaly detection based on the mining exposes many hidden but not detectable by analyzing only the firewall policy rules, resulting in two new types of the anomalies. As a result of these mechanisms, network security administrators can automatically review and update the rules. We have developed a prototype system and demonstrated usefulness of our approaches}, author = {Golnabi, K. and Min, R. K. and Khan, L. and Al-Shaer, E.}, booktitle = {Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP}, citeulike-article-id = {1887272}, citeulike-linkout-0 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1687561}, journal = {Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP}, keywords = {firewall, mining, rule}, pages = {305--315}, posted-at = {2007-11-09 04:42:11}, priority = {4}, title = {Analysis of Firewall Policy Rules Using Data Mining Techniques}, url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1687561}, year = {2006} }

TY - CONF ID - citeulike:1887272 L3 - citeulike-article-id:1887272 N2 - Firewall is the de facto core technology of today's network security and defense. However, the management of firewall rules has been proven to be complex, error-prone, costly and inefficient for many large-networked organizations. These firewall rules are mostly custom-designed and hand-written thus in constant need for tuning and validation, due to the dynamic nature of the traffic characteristics, ever-changing network environment and its market demands. One of the main problems that we address in this paper is that how much the firewall rules are useful, up-to-dated, well-organized or efficient to reflect the current characteristics of network traffics. In this paper, we present a set of techniques and algorithms to analysis and manage firewall policy rules: (1) data mining technique to deduce efficient firewall policy rules by mining its network traffic log based on its frequency, (2) filtering-rule generalization (FRG) to reduce the number of policy rules by generalization, and (3) a technique to identify any decaying rule and a set of few dominant rules, to generate a new set of efficient firewall policy rules. The anomaly detection based on the mining exposes many hidden but not detectable by analyzing only the firewall policy rules, resulting in two new types of the anomalies. As a result of these mechanisms, network security administrators can automatically review and update the rules. We have developed a prototype system and demonstrated usefulness of our approaches JF - Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP EP - 315 TI - Analysis of Firewall Policy Rules Using Data Mining Techniques T2 - Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP SP - 305 KW - firewall KW - mining KW - rule AU - Golnabi, K AU - Min, RK AU - Khan, L AU - Al-Shaer, E PY - 2006/// UR - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1687561 ER -