Abnormal Policy Detection and Correction Using Overlapping Transition
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Sunghyun | - |
dc.contributor.author | Lee, Heejo | - |
dc.date.accessioned | 2021-09-08T03:34:29Z | - |
dc.date.available | 2021-09-08T03:34:29Z | - |
dc.date.created | 2021-06-11 | - |
dc.date.issued | 2010-05 | - |
dc.identifier.issn | 1745-1361 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/116555 | - |
dc.description.abstract | Policy in security devices such as firewalls and Network Intrusion Prevention Systems (NIPS) is usually implemented as a sequence of rules. This allows network packets to proceed or to be discarded based on each rule's decision. Since attack methods are increasing rapidly, a huge number of security rules are generated and maintained in security devices. Under attack or during heavy traffic, a wrongly configured policy creates security holes and prevents the system from deciding quickly whether to allow or deny a packet. Anomalies between the rules occur when there is overlap among the rules. In this paper, we propose a new method to detect anomalies among rules and generate new rules without configuration errors, in multiple security devices as well as in a single security device. The proposed method cuts the overlap regions among rules into minimum overlap regions and finds the abnormal domain regions of the rules' predicates. By classifying rules by network traffic flow, the proposed method not only reduces computation overhead but also blocks unnecessary traffic among distributed devices. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG | - |
dc.title | Abnormal Policy Detection and Correction Using Overlapping Transition | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Heejo | - |
dc.identifier.doi | 10.1587/transinf.E93.D.1053 | - |
dc.identifier.wosid | 000279136500013 | - |
dc.identifier.bibliographicCitation | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E93D, no.5, pp.1053 - 1061 | - |
dc.relation.isPartOf | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.title | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.volume | E93D | - |
dc.citation.number | 5 | - |
dc.citation.startPage | 1053 | - |
dc.citation.endPage | 1061 | - |
dc.type.rims | ART | - |
dc.type.docType | Article; Proceedings Paper | - |
dc.description.journalClass | 1 | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.subject.keywordAuthor | firewall | - |
dc.subject.keywordAuthor | security policy | - |
dc.subject.keywordAuthor | policy anomalies | - |
dc.subject.keywordAuthor | network security | - |
dc.subject.keywordAuthor | ACL | - |