Firewall ruleset visualization analysis tool based on segmentation

Hyungseok Kim; Sukjun Ko; Dong Seong Kim; Huy Kang Kim

doi:10.1109/VIZSEC.2017.8062196

Firewall ruleset visualization analysis tool based on segmentation

Hyungseok Kim
, Sukjun Ko
, Dong Seong Kim
, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

15 Citations (Scopus)

Abstract

Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

Original language	English
Title of host publication	2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017
Editors	Celeste Lyn Paul, Simon Walton, Sophie Engle, Diane Staheli, Lane Harrison, Nicolas Prigent, Robert Gove
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-8
Number of pages	8
ISBN (Electronic)	9781538626931
DOIs	https://doi.org/10.1109/VIZSEC.2017.8062196
Publication status	Published - 2017 Oct 6
Event	14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017 - Phoenix, United States Duration: 2017 Oct 2 → …

Publication series

Name	2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017
Volume	2017-October

Other

Other	14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017
Country/Territory	United States
City	Phoenix
Period	17/10/2 → …

Bibliographical note

Funding Information:
This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIT) (No.2017-0-00213, Development of Cyber Self Mutation Technologies for Proactive Cyber Defense)

Publisher Copyright:
© 2017 IEEE.

Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.

Keywords

D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming
K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)

ASJC Scopus subject areas

Computer Networks and Communications
Computer Vision and Pattern Recognition

Access to Document

10.1109/VIZSEC.2017.8062196

Cite this

Kim, H., Ko, S., Kim, D. S., & Kim, H. K. (2017). Firewall ruleset visualization analysis tool based on segmentation. In C. L. Paul, S. Walton, S. Engle, D. Staheli, L. Harrison, N. Prigent, & R. Gove (Eds.), 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017 (pp. 1-8). (2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017; Vol. 2017-October). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/VIZSEC.2017.8062196

Firewall ruleset visualization analysis tool based on segmentation. / Kim, Hyungseok; Ko, Sukjun; Kim, Dong Seong et al.
2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. ed. / Celeste Lyn Paul; Simon Walton; Sophie Engle; Diane Staheli; Lane Harrison; Nicolas Prigent; Robert Gove. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-8 (2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017; Vol. 2017-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, H, Ko, S, Kim, DS & Kim, HK 2017, Firewall ruleset visualization analysis tool based on segmentation. in CL Paul, S Walton, S Engle, D Staheli, L Harrison, N Prigent & R Gove (eds), 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017, vol. 2017-October, Institute of Electrical and Electronics Engineers Inc., pp. 1-8, 14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017, Phoenix, United States, 17/10/2. https://doi.org/10.1109/VIZSEC.2017.8062196

Kim H, Ko S, Kim DS, Kim HK. Firewall ruleset visualization analysis tool based on segmentation. In Paul CL, Walton S, Engle S, Staheli D, Harrison L, Prigent N, Gove R, editors, 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-8. (2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017). doi: 10.1109/VIZSEC.2017.8062196

Kim, Hyungseok ; Ko, Sukjun ; Kim, Dong Seong et al. / Firewall ruleset visualization analysis tool based on segmentation. 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017. editor / Celeste Lyn Paul ; Simon Walton ; Sophie Engle ; Diane Staheli ; Lane Harrison ; Nicolas Prigent ; Robert Gove. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-8 (2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017).

@inproceedings{7cfa1b764910440090adba511be11ea3,

title = "Firewall ruleset visualization analysis tool based on segmentation",

abstract = "Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.",

keywords = "D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming, K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)",

author = "Hyungseok Kim and Sukjun Ko and Kim, \{Dong Seong\} and Kim, \{Huy Kang\}",

note = "Funding Information: This work was supported by Institute for Information \& communications Technology Promotion(IITP) grant funded by the Korea government(MSIT) (No.2017-0-00213, Development of Cyber Self Mutation Technologies for Proactive Cyber Defense) Publisher Copyright: {\textcopyright} 2017 IEEE. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; 14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017 ; Conference date: 02-10-2017",

year = "2017",

month = oct,

day = "6",

doi = "10.1109/VIZSEC.2017.8062196",

language = "English",

series = "2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--8",

editor = "Paul, \{Celeste Lyn\} and Simon Walton and Sophie Engle and Diane Staheli and Lane Harrison and Nicolas Prigent and Robert Gove",

booktitle = "2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017",

}

TY - GEN

T1 - Firewall ruleset visualization analysis tool based on segmentation

AU - Kim, Hyungseok

AU - Ko, Sukjun

AU - Kim, Dong Seong

AU - Kim, Huy Kang

N1 - Funding Information: This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIT) (No.2017-0-00213, Development of Cyber Self Mutation Technologies for Proactive Cyber Defense) Publisher Copyright: © 2017 IEEE. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.

PY - 2017/10/6

Y1 - 2017/10/6

N2 - Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

AB - Although most companies operate a firewall to protect their information assets, they have difficulties in identifying the control conditions of firewalls. This study proposes an analysis tool to visualize segment-based firewall rules to facilitate verification of the current control conditions. The proposed visualization tool analyzes the current control conditions of packets automatically, thereby eliminating the need for manual inspection as before, and displays the conditions with a visualization model to allow them to be easily verified. This enables managers to perform fast and accurate verification to assess whether packets are allowed or denied. This present study involved implementing the proposed visualization tool, and simulations were conducted to verify that the proposed approach was achievable. The present study also included conducting interviews with firewall experts whose feedback was positive. A video of the proposed visualization tool can be found on the following web site: https://youtu.be/q4HMnBvXbk.

KW - D.1.7 [Software]: PROGRAMMING TECHNIQUES-Visual Programming

KW - K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking)

UR - https://www.scopus.com/pages/publications/85050737555

UR - https://www.scopus.com/pages/publications/85050737555#tab=citedBy

U2 - 10.1109/VIZSEC.2017.8062196

DO - 10.1109/VIZSEC.2017.8062196

M3 - Conference contribution

AN - SCOPUS:85050737555

T3 - 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017

SP - 1

EP - 8

BT - 2017 IEEE Symposium on Visualization for Cyber Security, VizSec 2017

A2 - Paul, Celeste Lyn

A2 - Walton, Simon

A2 - Engle, Sophie

A2 - Staheli, Diane

A2 - Harrison, Lane

A2 - Prigent, Nicolas

A2 - Gove, Robert

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017

Y2 - 2 October 2017

ER -

Firewall ruleset visualization analysis tool based on segmentation

Abstract

Publication series

Other

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this