
Practical firewall policy inspection using anomaly detection and its visualization

Multimedia Tools and Applications

Abstract

Due to increasing cyber threats, the firewall has become one of the core elements of network security. The effectiveness of firewall security depends on the policy management techniques provided. For this reason, an automatic tool that is practically applicable to running firewalls and easy for administrators to use is highly required. This paper presents a first step toward a practically applicable tool, called Firewall Policy Checker, for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on, which many administrators set as time goes by, and on detecting illegal servers. In addition, the tool supports a large number of rules at high speed using an efficient N-ary tree module. Experimental results using real organizations’ rules are introduced. Finally, this paper illustrates an easy 3D visualization, even for non-experts.
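To make the two kinds of check in the abstract concrete, here is an added example (not the Firewall Policy Checker's code) that flags allow rules exposing telnet or ftp and finds shadowed rules in a first-match policy. This page does not name the paper's four anomaly types, so shadowing (an earlier rule with a different action matching every packet of a later rule) is an assumed choice; the rule tuple layout, the sample addresses and the pairwise comparison in place of the N-ary tree are also assumptions.

```python
# Added illustration; the rule layout and the sample policy are constructed.
from ipaddress import ip_network

DANGEROUS = {21: "ftp", 23: "telnet"}  # services named in the abstract

# Constructed first-match policy:
# (action, source, destination, protocol, (first_port, last_port))
RULES = [
    ("deny",  "10.0.0.0/8",  "0.0.0.0/0",     "tcp", (0, 65535)),
    ("allow", "10.1.2.0/24", "192.0.2.10/32", "tcp", (443, 443)),  # never reached
    ("allow", "0.0.0.0/0",   "192.0.2.0/24",  "tcp", (20, 25)),    # exposes ftp, telnet
    ("allow", "0.0.0.0/0",   "192.0.2.20/32", "udp", (53, 53)),
]

def covers(outer, inner):
    """True if every packet matched by rule `inner` is also matched by `outer`."""
    _, osrc, odst, oproto, (olo, ohi) = outer
    _, isrc, idst, iproto, (ilo, ihi) = inner
    return (ip_network(isrc).subnet_of(ip_network(osrc))
            and ip_network(idst).subnet_of(ip_network(odst))
            and oproto in ("any", iproto)
            and olo <= ilo and ihi <= ohi)

def shadowed_rules(rules):
    """(later, earlier) index pairs: an earlier rule with another action hides the later one."""
    return [(j, i) for j in range(len(rules)) for i in range(j)
            if rules[i][0] != rules[j][0] and covers(rules[i], rules[j])]

def dangerous_allows(rules):
    """(index, service) for each allow rule whose TCP port range includes a dangerous service."""
    return [(n, name)
            for n, (action, _, _, proto, (lo, hi)) in enumerate(rules)
            for port, name in sorted(DANGEROUS.items())
            if action == "allow" and proto in ("tcp", "any") and lo <= port <= hi]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULES))
    print("dangerous:", dangerous_allows(RULES))
```

The pairwise comparison is quadratic in the number of rules, which is the cost a tree-based index over rule fields is meant to avoid on large policies.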



Author information


Corresponding author

Correspondence to Jung-Min Kang.


About this article

Cite this article

Kim, UH., Kang, JM., Lee, JS. et al. Practical firewall policy inspection using anomaly detection and its visualization. Multimed Tools Appl 71, 627–641 (2014). https://doi.org/10.1007/s11042-013-1673-8


  • DOI: https://doi.org/10.1007/s11042-013-1673-8
