An intelligent security architecture for distributed firewalling environments

Due to the increasing threat of attacks and malicious activities, the use of firewall technology is an important milestone toward making networks of any complexity and size secure. Unfortunately, the inherent difficulties in designing and managing firewall policies within modern, highly distributed, dynamic and heterogeneous environments might greatly limit the effectiveness of firewall security. It is therefore desirable to automate the firewall configuration process as much as possible. Accordingly, this work presents a new, more active and scalable firewalling architecture based on dynamic and adaptive policy management facilities, thus enabling the automatic generation of new rules and policies to ensure a timely response in detecting unusual traffic activity as well as identifying unknown potential (zero-day) attacks. The proposed scheme, with its multi-stage modular structure, can be easily applied to a distributed security environment and does not depend on any specific security solution or hardware/software package.