Practical Firewall Policy Inspection Using Anomaly Detection and Its Visualization

  • Conference paper
Proceedings of the International Conference on IT Convergence and Security 2011

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 120)

Abstract

Due to increasing cyber threats, the firewall has become one of the core elements of network security. The effectiveness of firewall security depends on the policy management techniques provided. For this reason, an automatic tool is needed that is actually applicable to running firewalls and that is easy for administrators to use. This paper presents a first step toward a practically applicable tool, called Firewall Policy Checker, for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on, which many different administrators set over time, and on detecting illegal servers. The tool also supports a large number of rules at high speed using an efficient N-ary tree module. Experimental results using real organizations’ rules are presented. Finally, this paper illustrates an easy visualization, even for non-security administrators.

Corresponding author

Correspondence to Jung-Min Kang.

Copyright information

© 2012 Springer Science+Business Media B.V.

About this paper

Cite this paper

Kim, UH., Kang, JM., Lee, JS., Kim, HS. (2012). Practical Firewall Policy Inspection Using Anomaly Detection and Its Visualization. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_61

  • DOI: https://doi.org/10.1007/978-94-007-2911-7_61

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-2910-0

  • Online ISBN: 978-94-007-2911-7

  • eBook Packages: Engineering, Engineering (R0)
