An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold

Author: Hyeonwoo Kim, Hongtaek Ju, Dongwoo Kwon
Year of publication: 2015
Subject:
Source: Journal of Internet Computing and Services. 16:27-40
ISSN: 1598-0170
DOI: 10.7472/jksii.2015.16.2.27
Description: Firewall policy inference discovers a firewall's policy by analyzing the response packets returned by active probing, without any prior information. However, a brute-force approach to generating probing packets is not viable, because the probing packets may be regarded as attack traffic and blocked by the firewall's attack detection threshold. In this paper, we propose a firewall policy inference method using an efficient probing algorithm which considers the number of source IP addresses, the maximum number of probing packets per second, and the interval size of adjacent sweep lines as inference parameters to avoid detection. We then verify whether the generated probing packets are classified as network attack patterns by a firewall, and present an evaluation of correctness that compares the original firewall policy with the inferred firewall policy.
Database: OpenAIRE