FAME: A firewall anomaly management environment

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Citations (Scopus)

Abstract

Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
Pages17-26
Number of pages10
DOIs
StatePublished - 2010
Event3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 - Chicago, IL, United States
Duration: Oct 4 2010Oct 8 2010

Other

Other3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
CountryUnited States
CityChicago, IL
Period10/4/1010/8/10

Fingerprint

Visualization
Industry

Keywords

  • anomaly management
  • firewall policies
  • visualization tool

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Hu, H., Ahn, G-J., & Kulkarni, K. (2010). FAME: A firewall anomaly management environment. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 17-26). [1866902] https://doi.org/10.1145/1866898.1866902

FAME : A firewall anomaly management environment. / Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan.

Proceedings of the ACM Conference on Computer and Communications Security. 2010. p. 17-26 1866902.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Hu, H, Ahn, G-J & Kulkarni, K 2010, FAME: A firewall anomaly management environment. in Proceedings of the ACM Conference on Computer and Communications Security., 1866902, pp. 17-26, 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10, Chicago, IL, United States, 10/4/10. https://doi.org/10.1145/1866898.1866902
Hu H, Ahn G-J, Kulkarni K. FAME: A firewall anomaly management environment. In Proceedings of the ACM Conference on Computer and Communications Security. 2010. p. 17-26. 1866902 https://doi.org/10.1145/1866898.1866902
Hu, Hongxin ; Ahn, Gail-Joon ; Kulkarni, Ketan. / FAME : A firewall anomaly management environment. Proceedings of the ACM Conference on Computer and Communications Security. 2010. pp. 17-26
@inproceedings{b6d0552d903441619b7aa2880063feaf,
title = "FAME: A firewall anomaly management environment",
abstract = "Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).",
keywords = "anomaly management, firewall policies, visualization tool",
author = "Hongxin Hu and Gail-Joon Ahn and Ketan Kulkarni",
year = "2010",
doi = "10.1145/1866898.1866902",
language = "English (US)",
isbn = "9781450300933",
pages = "17--26",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - FAME

T2 - A firewall anomaly management environment

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Kulkarni, Ketan

PY - 2010

Y1 - 2010

N2 - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

AB - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

KW - anomaly management

KW - firewall policies

KW - visualization tool

UR - http://www.scopus.com/inward/record.url?scp=78650166376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650166376&partnerID=8YFLogxK

U2 - 10.1145/1866898.1866902

DO - 10.1145/1866898.1866902

M3 - Conference contribution

AN - SCOPUS:78650166376

SN - 9781450300933

SP - 17

EP - 26

BT - Proceedings of the ACM Conference on Computer and Communications Security

ER -