The Semantics Loss Tracker of Firewall Rules

Autor: Suchart Khummanee
Rok vydání: 2018
Předmět:
Zdroj: Recent Advances in Information and Communication Technology 2018 ISBN: 9783319936918
DOI: 10.1007/978-3-319-93692-5_22
Popis: Frequently, firewall rules are overlapped and duplicated. The problems are usually resolved by merging rules. However, sometimes merged rules lead to the semantics loss. This paper proposed the tracker system for analyzing and alerting the semantics loss of firewall rules while they are being merged, namely SELTracker. SELTracker data structure is built from the Path Selection Tree (PST). PST does only keep all anomaly rules but also maintain normal rules. While firewall rules are being merged, SELTracker analyzes merging rules against PST. Based on the testing results, the proposed system has the ability to effectively detect the semantics loss. Moreover, SELTracker can also detect all other anomalies.
Databáze: OpenAIRE