A Firewall Policy Anomaly Detection Framework for Reliable Network Security


TOĞAY C., Kasif A., Catal C., Tekinerdogan B.

IEEE TRANSACTIONS ON RELIABILITY, vol.71, pp.339-347, 2022 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 71
  • Publication Date: 2022
  • Doi Number: 10.1109/tr.2021.3089511
  • Journal Name: IEEE TRANSACTIONS ON RELIABILITY
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Communication Abstracts, Compendex, Computer & Applied Sciences, INSPEC, Metadex, zbMATH, Civil Engineering Abstracts
  • Page Numbers: pp.339-347
  • Keywords: Anomaly detection, Security, IP networks, Firewalls (computing), Shadow mapping, Redundancy, Correlation, Anomaly detection, firewall policy, logic programming, network security, packet filtering, security, CLASSIFICATION
  • Bursa Uludag University Affiliated: Yes

Abstract

One of the key challenges in computer networks is network security. For securing the network, various solutions have been proposed, including network security protocols and firewalls. In the case of so-called packet-filtering firewalls, policy rules are implemented to monitor changes to the network and preserve the required security level. Due to the dramatic increase of devices, however, and herewith the rapid increase of the size of the policy rules, firewall policy anomalies occur more frequently. This requires careful implementation of the policy rules to ensure cost-efficient solutions for anomaly detection to support network security. In this study, we present an anomaly detection framework for detecting intrafirewall policy anomaly rules. The framework supports the simulation of packets through the firewall ruleset for validating and enhancing the security level of the network. The framework is validated using four different types of firewall policy anomalies. Experimental results demonstrate that the framework is effective and efficient in detecting firewall policy anomalies.