IJSRD found good research work in the Computer Science & Engineering research area on anomalies in firewall policies.
Abstract
The advent of emerging technologies such as
Web services, service-oriented architecture, and cloud
computing has enabled us to perform business services more
efficiently and effectively. However, we still suffer from
unintended security leakages by unauthorized actions in
business services. Firewalls are the most widely deployed
security mechanism to ensure the security of private
networks in most businesses and institutions. The
effectiveness of security protection provided by a firewall
mainly depends on the quality of policy configured in the
firewall. Unfortunately, designing and managing firewall
policies are often error-prone due to the complex nature of
firewall configurations as well as the lack of systematic
analysis mechanisms and tools. In this paper, we present
an innovative policy anomaly management framework for
firewalls, adopting a rule-based segmentation technique to
identify policy anomalies and derive effective anomaly
resolutions. We also discuss a proof-of-concept
implementation of a visualization-based firewall policy
analysis tool called Firewall Anomaly Management
Environment (FAME). In addition, we demonstrate how
efficiently our approach can discover and resolve anomalies
in firewall policies through rigorous experiments using an
automatic rule generation technique.
Key words: FAME, policy anomaly, firewall, segment
I. PROPOSED WORK AND SYSTEM ARCHITECTURE
A distributed firewall preserves central control of the
access policy, which removes the dependency on network
topology. The proposed work introduces a new ARG
(Automatic Rule Generation) algorithm for distributed
firewalls. ARG is proposed for automatically generating
rules and for detecting and resolving policy anomalies in
distributed firewalls. By automating the administrator's
task in a distributed environment, it reduces complexity
and increases flexibility. [1]
The proposed system architecture in Fig. 1 has the
following advantages: (i) no topological boundary
restriction; (ii) automatic rule generation that detects
and resolves policy anomalies in distributed firewalls;
(iii) elimination of redundant rules; (iv) reduced
complexity and increased flexibility.
In the proposed work, rules and actions are
generated or modified according to changes in the
requirements of the dynamic environment. When a client
sends a data packet to the network, the firewall checks the
packet's characteristics and decides whether to allow or
deny the packet into the network. [1] Firewall rule anomalies
are identified using the packet space segmentation technique;
the risk of each anomaly is then assessed, and based on that
risk the firewall rules are reordered. Risk assessment
compares the risk against an upper-bound and a lower-bound
threshold value.
Fig. Data Flow Diagram (stages: Automatic rule generation, Packet Space Segmentation, Action Constraint Generation, Rule Reordering, Data Package)
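The segmentation, risk-based action constraints and rule reordering described above, as an added worked example; this is not FAME's or the ARG algorithm's own code. It assumes a first-match policy of five constructed rules over protocol, source, destination and destination port, a constructed per-port risk table standing in for the paper's risk scores, and reads the two thresholds as: risk at or above the upper bound forces deny, at or below the lower bound forces allow, anything in between is left to the administrator (my reading of the thresholds, not something this page states). In the constructed policy r3 is fully shadowed by r1, and the segment where r2 and r4 overlap currently resolves to allow even though its risk is above the upper bound.

```python
"""Packet-space segmentation, anomaly classification, risk-driven action
constraints and rule reordering for a first-match firewall policy.

Added example, not FAME/ARG code. The policy, the per-port risk scores and
the two thresholds are all constructed for illustration.
"""
from collections import defaultdict
from itertools import permutations, product

FIELDS = ("proto", "src", "dst", "dport")
ANY = {"proto": (0, 255), "src": (0, 2**32 - 1), "dst": (0, 2**32 - 1), "dport": (0, 65535)}
# Constructed per-destination-port risk scores and thresholds (assumptions, not the paper's values).
PORT_RISK, DEFAULT_RISK, LOWER, UPPER = {80: 8.0, 443: 2.5}, 5.0, 3.0, 7.0


def ip(a, b, c, d):
    return (a << 24) | (b << 16) | (c << 8) | d


def rule(name, action, **ranges):
    """A rule is a closed integer interval per field; unspecified fields match anything."""
    return {"name": name, "action": action, "box": {**ANY, **ranges}}


TCP, WEB = (6, 6), (ip(192, 168, 0, 10),) * 2  # WEB is a single-host destination range
POLICY = [  # constructed policy, evaluated first-match; r3 is shadowed by r1, r2/r4 conflict on port 80
    rule("r1", "deny",  proto=TCP, src=(ip(10, 1, 1, 0), ip(10, 1, 1, 255)), dst=WEB, dport=(80, 80)),
    rule("r2", "allow", proto=TCP, src=(ip(10, 1, 0, 0), ip(10, 1, 255, 255)), dst=WEB, dport=(80, 80)),
    rule("r3", "allow", proto=TCP, src=(ip(10, 1, 1, 0), ip(10, 1, 1, 255)), dst=WEB, dport=(80, 80)),
    rule("r4", "deny",  proto=TCP, src=(ip(10, 1, 2, 0), ip(10, 1, 2, 255)), dst=WEB, dport=(80, 443)),
    rule("r5", "allow", proto=TCP, src=(ip(10, 2, 0, 0), ip(10, 2, 255, 255)), dst=WEB, dport=(443, 443)),
]


def covers(box, cell):
    return all(box[f][0] <= cell[f][0] and cell[f][1] <= box[f][1] for f in FIELDS)


def segments(rules):
    """Cut each field at every rule boundary; each resulting cell is matched by a fixed set
    of rules, so grouping the cells by that set yields the packet-space segments."""
    cuts = {f: sorted({p for r in rules for p in (r["box"][f][0], r["box"][f][1] + 1)}) for f in FIELDS}
    segs = defaultdict(list)
    for combo in product(*[list(zip(cuts[f], cuts[f][1:])) for f in FIELDS]):
        cell = {f: (lo, hi - 1) for f, (lo, hi) in zip(FIELDS, combo)}
        cover = tuple(i for i, r in enumerate(rules) if covers(r["box"], cell))
        if cover:  # cells no rule matches fall to the default action
            segs[cover].append(cell)
    return dict(segs)


def classify_segments(rules, segs):
    kinds = {}
    for cover in segs:
        actions = {rules[i]["action"] for i in cover}
        kinds[cover] = ("non-overlapping" if len(cover) == 1 else
                        "overlapping-conflicting" if len(actions) > 1 else "overlapping-non-conflicting")
    return kinds


def rule_anomalies(rules, segs):
    """First-match: a rule that wins no segment is ineffective; it is redundant when every
    rule that wins above it has the same action, shadowed otherwise."""
    effective = {min(cover) for cover in segs}
    out = {}
    for i, r in enumerate(rules):
        if i not in effective:
            winners = {rules[min(c)]["action"] for c in segs if i in c}
            out[r["name"]] = "redundant" if winners == {r["action"]} else "shadowed"
    return out


def action_constraints(rules, segs):
    """Expected action for each conflicting segment from its risk: >= UPPER deny,
    <= LOWER allow, in between left to the administrator ("manual")."""
    cons = {}
    for cover, cells in segs.items():
        if len({rules[i]["action"] for i in cover}) > 1:
            risk = max(PORT_RISK.get(c["dport"][0], DEFAULT_RISK) for c in cells)
            cons[cover] = "deny" if risk >= UPPER else "allow" if risk <= LOWER else "manual"
    return cons


def reorder(rules, cons):
    """Permutation with the fewest inversions w.r.t. the current order under which every
    constrained segment's first-matching rule has the required action. Exhaustive search:
    fine for a toy policy, hopeless for hundreds of rules."""
    n = len(rules)

    def ok(order):
        return all(rules[min(c, key=order.index)]["action"] == a for c, a in cons.items() if a != "manual")

    def inversions(order):
        return sum(order[i] > order[j] for i in range(n) for j in range(i + 1, n))

    best = min((o for o in permutations(range(n)) if ok(o)), key=lambda o: (inversions(o), o), default=None)
    return best and [rules[i]["name"] for i in best]


def apply_order(rules, names):
    by_name = {r["name"]: r for r in rules}
    return [by_name[n] for n in names]


def first_match(rules, pkt):
    for r in rules:
        if all(r["box"][f][0] <= pkt[f] <= r["box"][f][1] for f in FIELDS):
            return r["name"], r["action"]
    return None, "deny"  # default-deny when no rule matches


if __name__ == "__main__":
    segs = segments(POLICY)
    print(classify_segments(POLICY, segs), rule_anomalies(POLICY, segs))
    cons = action_constraints(POLICY, segs)
    pkt = {"proto": 6, "src": ip(10, 1, 2, 5), "dst": ip(192, 168, 0, 10), "dport": 80}
    print(first_match(POLICY, pkt), reorder(POLICY, cons))
    print(first_match(apply_order(POLICY, reorder(POLICY, cons)), pkt))
```

Under first-match semantics a packet from 10.1.2.5 to port 80 is allowed by r2 in the original order and denied by r4 after reordering, while r3 is reported as shadowed and left for the administrator to delete. Segmentation by cutting every field at rule boundaries is exact but its cell count is the product of the per-field cut counts, and the reordering step enumerates permutations, so a real policy needs the incremental segmentation and the targeted reordering the paper describes rather than this brute-force version.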
A. Automatic Rule Generation:
When a client wants to send data packets to the network,
a set of firewall rules must be satisfied before the
packets are allowed (Fig. 2). For this, network administrators
at different locations assign firewall rules to the server.
Here the generation of firewall rules and actions is done
automatically. The process takes a set of specifications
and constraints as input. [1] The specifications are
mapped randomly to generate the firewall rules. The rules
are generated in the rule engine, and the action is
applied when a client sends a data packet to the rule engine.
WebSite: www.ijsrd.com