Title: Firewalls anomalies severity evaluation and classification

Authors: Kamel Karoui; Fakher Ben Ftima; Henda Ben Ghezala

Addresses: RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia; RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia; RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia

Abstract: Firewalls are the most widely adopted security devices for network protection. These components are often implemented with several errors (or anomalies) that are sometimes critical. To ensure the security of their networks, administrators should detect these anomalies and correct them. Before correcting the detected anomalies, the administrator should evaluate and classify them to determine the best strategy for correcting them. In this work, we propose a process to evaluate and classify the detected anomalies using three evaluation criteria: a quantitative evaluation, a semantic evaluation and a multi-anomaly evaluation. The proposed process, which is convenient in an audit process, is detailed through a case study that demonstrates its usefulness.

Keywords: firewalls; shadowing anomaly; generalisation anomaly; correlation anomaly; redundancy anomaly; anomaly severity evaluation; anomaly severity classification; semantic evaluation; quantitative evaluation; multi-anomaly evaluation; firewall anomalies; network security.

DOI: 10.1504/IJSN.2014.065712

International Journal of Security and Networks, 2014 Vol.9 No.3, pp.167-176

Received: 07 Aug 2013
Accepted: 03 Oct 2013

Published online: 10 Nov 2014
