Authors: Kamel Karoui; Fakher Ben Ftima; Henda Ben Ghezala
Addresses: RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia; RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia; RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia
Abstract: Firewalls are the most widely adopted security devices for network protection. These components are often implemented with several errors (or anomalies) that are sometimes critical. To ensure the security of their networks, administrators should detect these anomalies and correct them. Before correcting the detected anomalies, the administrator should evaluate and classify them to determine the best correction strategy. In this work, we propose a process to evaluate and classify the detected anomalies using three evaluation criteria: a quantitative evaluation, a semantic evaluation and a multi-anomaly evaluation. The proposed process, which is convenient in an audit process, is detailed through a case study to demonstrate its usefulness.
Keywords: firewalls; shadowing anomaly; generalisation anomaly; correlation anomaly; redundancy anomaly; anomaly severity evaluation; anomaly severity classification; semantic evaluation; quantitative evaluation; multi-anomaly evaluation; firewall anomalies; network security.
International Journal of Security and Networks, 2014 Vol.9 No.3, pp.167 - 176
Received: 07 Aug 2013
Accepted: 03 Oct 2013
Published online: 09 Nov 2014