Abnormal Policy Detection and Correction Using Overlapping Transition
Abstract
Policy in security devices such as firewalls and Network Intrusion Prevention Systems (NIPS) is usually implemented as a sequence of rules. This allows network packets to proceed or to be discarded based on rule decisions. Since attack methods are increasing rapidly, a huge number of security rules are generated and maintained in security devices. Under attack or during heavy traffic, a wrongly configured policy creates security holes and prevents the system from deciding quickly whether to allow or deny a packet. Anomalies between the rules occur when there is overlap among the rules. In this paper, we propose a new method to detect anomalies among rules and generate new rules without configuration error in multiple security devices as well as in a single security device. The proposed method cuts the overlap regions among rules into minimum overlap regions and finds the abnormal domain regions of rule predicates. By classifying rules by the network traffic flow, the proposed method not only reduces computation overhead but also blocks unnecessary traffic among distributed devices.
- 2010-05-01
Authors
- LEE Heejo, Korea University
- Kim Sunghyun, Korea Univ. Seoul Kor
- Kim Sunghyun, Korea University
- Lee Heejo, Korea Univ. Kor
Related papers
- Abnormal Policy Detection and Correction Using Overlapping Transition
- Enhancing Resiliency of Networks : Evolving Strategy vs. Multihoming
- On the Cross-Layer Impact of TCP ACK Thinning on IEEE802.11 Wireless MAC Dynamics(Wireless Communication Technologies)
- Reducing Payload Inspection Cost Using Rule Classification for Fast Attack Signature Matching
- Minimum-Energy Semi-Static Scheduling of a Periodic Real-Time Task on DVFS-Enabled Multi-Core Processors