A Firewall Policy Anomaly Detection Framework for Reliable Network Security

Abstract

One of the key challenges in computer networks is network security. For securing the network, various solutions have been proposed, including network security protocols and firewalls. In the case of so-called packet-filtering firewalls, policy rules are implemented to monitor changes to the network and preserve the required security level. Due to the dramatic increase of devices, however, and herewith the rapid increase of the size of the policy rules, firewall policy anomalies occur more frequently. This requires careful implementation of the policy rules to ensure cost-efficient solutions for anomaly detection to support network security. In this study, we present an anomaly detection framework for detecting intrafirewall policy anomaly rules. The framework supports the simulation of packets through the firewall ruleset for validating and enhancing the security level of the network. The framework is validated using four different types of firewall policy anomalies. Experimental results demonstrate that the framework is effective and efficient in detecting firewall policy anomalies. 1963-2012 IEEE.