Practical firewall policy inspection using anomaly detection and its visualization

Ui Hyong Kim; Jung Min Kang; Jae Sung Lee; Hyong Shik Kim; Soon Young Jung

Practical firewall policy inspection using anomaly detection and its visualization

Ui Hyong Kim, Jung Min Kang, Jae Sung Lee, Hyong Shik Kim, Soon Young Jung

Research output: Contribution to journal › Article › peer-review

Abstract

Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

Original language	English
Pages (from-to)	5475-5489
Number of pages	15
Journal	Information (Japan)
Volume	16
Issue number	8 A
Publication status	Published - 2013 Aug

Keywords

Anomaly
FPA
FPC
Firewall
Policy
Visualization

ASJC Scopus subject areas

Information Systems

Cite this

@article{fd84d296ccc34a67a95bdc333e94e4ac,

title = "Practical firewall policy inspection using anomaly detection and its visualization",

abstract = "Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.",

keywords = "Anomaly, FPA, FPC, Firewall, Policy, Visualization",

author = "Kim, {Ui Hyong} and Kang, {Jung Min} and Lee, {Jae Sung} and Kim, {Hyong Shik} and Jung, {Soon Young}",

year = "2013",

month = aug,

language = "English",

volume = "16",

pages = "5475--5489",

journal = "Information (Japan)",

issn = "1343-4500",

publisher = "International Information Institute",

number = "8 A",

}

TY - JOUR

T1 - Practical firewall policy inspection using anomaly detection and its visualization

AU - Kim, Ui Hyong

AU - Kang, Jung Min

AU - Lee, Jae Sung

AU - Kim, Hyong Shik

AU - Jung, Soon Young

PY - 2013/8

Y1 - 2013/8

N2 - Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

AB - Due to the increasing cyber threats, firewall has become the one of the core elements in network security. The effectiveness of firewall security is dependent on providing policy management techniques. For this reason, it is highly required to have an automatic tool that is real applicable to running firewalls and it should help administrators use in easy. This paper represents a first step toward a practically applicable tool called Firewall Policy Checker for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on which many administrators set as time goes and detecting illegal servers. In addition, this tool supports a large number of rules with the high speed using efficient N-ary tree module. The experimental results using real organizations' rules are introduced. Finally, this paper illustrates an easy 3D visualization even for non experts.

KW - Anomaly

KW - FPA

KW - FPC

KW - Firewall

KW - Policy

KW - Visualization

UR - http://www.scopus.com/inward/record.url?scp=84887485315&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84887485315

SN - 1343-4500

VL - 16

SP - 5475

EP - 5489

JO - Information (Japan)

JF - Information (Japan)

IS - 8 A

ER -

Practical firewall policy inspection using anomaly detection and its visualization

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this