Applying static code analysis to firewall policies for the purpose of anomaly detection
Author
Abstract
Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in a common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this work are:
1. An analysis of various control flow instructions in popular firewall policy languages.
2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs.
3. Application of Static Code Analysis to detect anomalies in firewall policy, expressed in intermediate firewall policy language.
4. Sample implementation of Static Code Analysis of firewall policies, expressed in our abstract language using Datalog language.
arXiv:1102.1237v1 [cs.PL] 7 Feb 2011
Similar resources
Firewall Management for to Resolve the Policy Anomalies
A firewall is a network security system that controls network traffic based on firewall rules. A firewall depends on its policy configuration, but managing that firewall policy is complex. Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, can only detect policy anomalies and cannot resolve them, and detection time was also increased. Therefore, I re...
3D Gabor Based Hyperspectral Anomaly Detection
Hyperspectral anomaly detection is one of the main challenging topics in both military and civilian fields. The spectral information contained in a hyperspectral cube provides a high ability for anomaly detection. In addition, the costly spatial information of adjacent pixels such as texture can also improve the discrimination between anomalous targets and background. Most studies miss the wort...
Using Static Program Analysis to Aid Intrusion Detection
The Internet, and in particular the world-wide web, have become part of the everyday life of millions of people. With the growth of the web, the demand for on-line services rapidly increased. Today, whole industry branches rely on the Internet to do business. Unfortunately, the success of the web has recently been overshadowed by frequent reports of security breaches. Attackers have discovered ...
Nonparametric Spectral-Spatial Anomaly Detection
Due to abundant spectral information contained in the hyperspectral images, they are suitable data for anomalous targets detection. The use of spatial features in addition to spectral ones can improve the anomaly detection performance. An anomaly detector, called nonparametric spectral-spatial detector (NSSD), is proposed in this work which utilizes the benefits of spatial features and local st...
An Integrated Network Security Approach - Pairing Detecting Malicious Patterns with Anomaly Detection
We report in this paper on research in progress concerning the integration of different security techniques. A main purpose of the project is to integrate as much security functionality as possible into the firewall. We will report in this paper on the concept of an intelligent firewall that contains a smart detection engine for potentially malicious data packets.
Journal title:
- CoRR
Volume abs/1102.1237 Issue
Pages -
Publication date 2011