Title :
Tuple Based Approach for Anomalies Detection within Firewall Filtering Rules
Author :
Benelbahri, Mohammed Anis ; Bouhoula, Adel
Author_Institution :
Coll. of Telecommun., Ariana
Abstract :
Firewalls implement packet filtering and thereby provide security functions that are used to manage data flow to, from and through routers based on a set of predefined filtering rules. Hence, filtering rules have to be well defined and coherent in order to guarantee the desired responses of the firewall. In this paper, we propose a new approach for detecting anomalies in firewall filtering rules. An anomaly occurs when the domains of two given filtering rules are not disjoint. Filtering rule relationships have the structure of an algebraic semigroup (R, Lambda), and, via a morphism, we transform the problem from formal writing and resolution to an analytic treatment. Our approach is more general than related works, since it treats any protocol header, any number of fields and different IP address writing, and, as a result, we define new anomalies such as the Contradiction Anomaly and other types of the Redundancy Anomaly. We have implemented our technique, and the first experimental tests show its efficiency and simplicity.
Keywords :
authorisation; computer network management; group theory; telecommunication network routing; telecommunication security; IP address writing; algebraic semigroup; anomaly detection; contradiction anomaly; data flow management; firewall filtering rules; packet filtering; redundancy anomaly; tuple based approach; Boolean functions; Data security; Data structures; Educational institutions; Filtering; Filters; Logic; Network servers; Protocols; Writing; Anomalies; Filtering rules; Firewall; Security policy; Security policy conflict;
Conference_Title :
Computers and Communications, 2007. ISCC 2007. 12th IEEE Symposium on
Conference_Location :
Aveiro
Print_ISBN :
978-1-4244-1520-5
Electronic_ISBN :
1530-1346
DOI :
10.1109/ISCC.2007.4381486