An intelligent security architecture for distributed firewalling environments

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

Due to the increasing threat of attacks and malicious activities, the use of firewall technology is an important milestone toward making networks of any complexity and size secure. Unfortunately, the inherent difficulties in designing and managing firewall policies within modern highly distributed, dynamic and heterogeneous environments can greatly limit the effectiveness of firewall security. It is therefore desirable to automate the firewall configuration process as much as possible. Accordingly, this work presents a new, more active and scalable firewalling architecture based on dynamic and adaptive policy management facilities. These facilities enable the automatic generation of new rules and policies, ensuring a timely response when unusual traffic activity is detected and making it possible to identify unknown potential attacks (zero-day). The proposed scheme, with a multi-stage modular structure, can be easily applied to a distributed security environment and does not depend on any specific security solution or hardware/software package.



Correspondence to Francesco Palmieri.


De Santis, A., Castiglione, A., Fiore, U. et al. An intelligent security architecture for distributed firewalling environments. J Ambient Intell Human Comput 4, 223–234 (2013). https://doi.org/10.1007/s12652-011-0069-8
