HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis

Hyunjung Lee, Suryeon Lee, Kyounggon Kim, Huy Kang Kim

Research output: Contribution to journalArticlepeer-review

Abstract

Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vulnerabilities can be exploited by attackers, providing them with pathways into internal systems. Therefore, firewall policies must be meticulously applied and managed. Given the significant ramifications of firewall policies, they must be continuously managed with high importance. As the number of policies increases and the amount of information to be processed grows, the process becomes complex, and there are limitations to managing policies from a human cognitive perspective. An increase in unmanaged misuse policies can inadvertently introduce security risks through unintended allowance policies. In the case of large-scale network networks operating multiple firewalls, a different form of misuse policy check and management is required compared to managing a single firewall policy. The proposed tool, HSViz-II, not only visualizes misuse of a single firewall policy but also visualizes four misuse cases in a distributed firewall environment, providing a detailed breakdown based on Octets. It displays the distribution of anomalous policies by dividing the Source IP into Octet Layers. For the four anomalous policy cases, it offers five views based on dividing the Source IP into Octet Layers and three overall views for upstream firewall, downstream firewall, and both, totaling 60 views. The processing speed for each function was measured using four sets of actual upstream and downstream firewall policies, comprising eight different firewall policies in total. Firewall operators can use this tool to grasp the distribution status of misuse policies in single and multiple firewalls and check the status of misuse policies by Octet. By offering a method for firewall operators to accurately find meaningful information, this paper proposes a firewall misuse policy visualization system in a distributed firewall environment to help reduce the risk of asset exposure to cyber threats for enterprises. HSViz-II tool can be found on the web site: https://youtu.be/jvR8ZY2uapQ

Original languageEnglish
Pages (from-to)936-948
Number of pages13
JournalIEEE Access
Volume12
DOIs
Publication statusPublished - 2024

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • data visualization
  • distributed firewall rule anomaly detection
  • Firewall policy visualization
  • policy analysis
  • rule anomaly detection

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

Fingerprint

Dive into the research topics of 'HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis'. Together they form a unique fingerprint.

Cite this