A Firewall Policy Anomaly Detection Framework for Reliable Network Security

TOĞAY C., Kasif A., Catal C., Tekinerdogan B.

IEEE TRANSACTIONS ON RELIABILITY, cilt.71, ss.339-347, 2022 (SCI-Expanded) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 71
  • Basım Tarihi: 2022
  • Doi Numarası: 10.1109/tr.2021.3089511
  • Dergi Adı: IEEE TRANSACTIONS ON RELIABILITY
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Communication Abstracts, Compendex, Computer & Applied Sciences, INSPEC, Metadex, zbMATH, Civil Engineering Abstracts
  • Sayfa Sayıları: ss.339-347
  • Anahtar Kelimeler: Anomaly detection, Security, IP networks, Firewalls (computing), Shadow mapping, Redundancy, Correlation, Anomaly detection, firewall policy, logic programming, network security, packet filtering, security, CLASSIFICATION
  • Bursa Uludağ Üniversitesi Adresli: Evet

Özet

One of the key challenges in computer networks is network security. For securing the network, various solutions have been proposed, including network security protocols and firewalls. In the case of so-called packet-filtering firewalls, policy rules are implemented to monitor changes to the network and preserve the required security level. Due to the dramatic increase of devices, however, and herewith the rapid increase of the size of the policy rules, firewall policy anomalies occur more frequently. This requires careful implementation of the policy rules to ensure cost-efficient solutions for anomaly detection to support network security. In this study, we present an anomaly detection framework for detecting intrafirewall policy anomaly rules. The framework supports the simulation of packets through the firewall ruleset for validating and enhancing the security level of the network. The framework is validated using four different types of firewall policy anomalies. Experimental results demonstrate that the framework is effective and efficient in detecting firewall policy anomalies.