Title: Firewall filtering rules analysis for anomalies detection

Authors: Adel Bouhoula, Zouheir Trabelsi, Ezedin Barka, Mohammed-Anis Benelbahri

Addresses: Ecole Superieure des Communications de Tunis (SupCom), Cite Technologique des Communications, Route de Raoued Km 3,5 – 2083 Cite El Ghazala, Tunisia; College of Information Technology, UAE University, P.O. Box 17555, Al Ain, UAE; College of Information Technology, UAE University, P.O. Box 17555, Al Ain, UAE; Ecole Superieure des Communications de Tunis (SupCom), Cite Technologique des Communications, Route de Raoued Km 3,5 – 2083 Cite El Ghazala, Tunisia

Abstract: Firewalls are key components in network security architectures. A firewall controls the access into and from the network based on a set of predefined filtering rules. Hence, choosing well defined and coherent filtering rules becomes the important factor towards the effectiveness of firewalls. In this paper, we propose an approach for detecting and correcting anomalies in firewalls filtering rules. In fact, we define a process that starts with defining a matrix to represent the list of the filtering rules, and then generates a number of matrices defining all the relationships among the filtering rules, where each matrix is related to a particular type of network packet's field. Finally, the process uses the matrices to detect and correct the anomalies within the filtering rules. Moreover, the paper addresses the issue of the ordering of the filtering rules.

Keywords: firewalls; filtering rules; anomalies; security policy conflict; anomaly detection; network security; access control.

DOI: 10.1504/IJSN.2008.020090

International Journal of Security and Networks, 2008 Vol.3 No.3, pp.161 - 172

Published online: 26 Aug 2008
