FAME: A firewall anomaly management environment

Hongxin Hu; Gail-Joon Ahn; Ketan Kulkarni

doi:10.1145/1866898.1866902

FAME: A firewall anomaly management environment

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

Abstract

Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

Original language	English (US)
Title of host publication	Proceedings of the ACM Conference on Computer and Communications Security
Pages	17-26
Number of pages	10
DOIs	https://doi.org/10.1145/1866898.1866902
State	Published - 2010
Event	3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 - Chicago, IL, United States Duration: Oct 4 2010 → Oct 8 2010

Other

Other	3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
Country	United States
City	Chicago, IL
Period	10/4/10 → 10/8/10

Fingerprint

Visualization

Industry

Keywords

anomaly management
firewall policies
visualization tool

ASJC Scopus subject areas

Software
Computer Networks and Communications

Cite this

Hu, H., Ahn, G-J., & Kulkarni, K. (2010). FAME: A firewall anomaly management environment. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 17-26). [1866902] https://doi.org/10.1145/1866898.1866902

FAME : A firewall anomaly management environment. / Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan.

Proceedings of the ACM Conference on Computer and Communications Security. 2010. p. 17-26 1866902.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hu, H, Ahn, G-J & Kulkarni, K 2010, FAME: A firewall anomaly management environment. in Proceedings of the ACM Conference on Computer and Communications Security., 1866902, pp. 17-26, 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10, Chicago, IL, United States, 10/4/10. https://doi.org/10.1145/1866898.1866902

Hu H, Ahn G-J, Kulkarni K. FAME: A firewall anomaly management environment. In Proceedings of the ACM Conference on Computer and Communications Security. 2010. p. 17-26. 1866902 https://doi.org/10.1145/1866898.1866902

Hu, Hongxin ; Ahn, Gail-Joon ; Kulkarni, Ketan. / FAME : A firewall anomaly management environment. Proceedings of the ACM Conference on Computer and Communications Security. 2010. pp. 17-26

@inproceedings{b6d0552d903441619b7aa2880063feaf,

title = "FAME: A firewall anomaly management environment",

abstract = "Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).",

keywords = "anomaly management, firewall policies, visualization tool",

author = "Hongxin Hu and Gail-Joon Ahn and Ketan Kulkarni",

year = "2010",

doi = "10.1145/1866898.1866902",

language = "English (US)",

isbn = "9781450300933",

pages = "17--26",

booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - FAME

T2 - A firewall anomaly management environment

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Kulkarni, Ketan

PY - 2010

Y1 - 2010

N2 - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

AB - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

KW - anomaly management

KW - firewall policies

KW - visualization tool

UR - http://www.scopus.com/inward/record.url?scp=78650166376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650166376&partnerID=8YFLogxK

U2 - 10.1145/1866898.1866902

DO - 10.1145/1866898.1866902

M3 - Conference contribution

AN - SCOPUS:78650166376

SN - 9781450300933

SP - 17

EP - 26

BT - Proceedings of the ACM Conference on Computer and Communications Security

ER -

Access to Document

10.1145/1866898.1866902