Title :
An approach to the generalization of firewall rules
Author :
Wei Li ; Haishan Wan ; Sheng Li
Author_Institution :
Grad. Sch. of Comput. & Inf. Sci., Nova Southeastern Univ., Fort Lauderdale, FL, USA
Abstract :
Modern firewalls are becoming complex and anomalies may exist in their rule sets. Security log data, such as firewall logs and logs generated by intrusion detection systems, could provide useful information for the update and addition of existing firewall rule sets. In this paper, we focus on the development of an effective mechanism for firewall rule generation, and proposed an algorithm called Domain-Specific Rule Generation (DSRG) algorithm. The algorithm integrates domain-specific network configuration information to help with the generalization of firewall rules based on security log data. These generalized rules could help with the anomaly check or used as an addition for existing rule sets.
Keywords :
authorisation; firewalls; system monitoring; DSRG algorithm; anomaly check; domain-specific network configuration information; domain-specific rule generation algorithm; firewall logs; firewall rule generalization approach; firewall rule generation; firewall rule sets; intrusion detection systems; security log data; Clustering algorithms; IP networks; Intrusion detection; Ports (Computers); Protocols; Telecommunication traffic; firewall; rule generalization; security;
Conference_Titel :
Computer and Information Science (ICIS), 2013 IEEE/ACIS 12th International Conference on
Conference_Location :
Niigata
DOI :
10.1109/ICIS.2013.6607841
