A Survey on the Different Firewall Technologies

Mukkamala, Padma Priya; Rajendran, Sindhu

doi:10.33564/ijeast.2020.v05i01.059

Cited by 14 publications

(17 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…and) s/a � 0.375 r � 500. (5) Files weight e value of this subfeature is initialized to zero. Value of this subfeature increases for each suspicious discovered in files.…”

Section: Features Engineeringmentioning

confidence: 99%

“…Traditional firewalls interact with packets in network and transport layers [3], while web application firewalls interact with web requests in the application layer [4]. ese firewalls were operated using the signature [5], as they recognize the attack through a distinct fingerprint of it, and this requires large databases and storing the fingerprint of each attack after it is executed. Reliance on databases (signature-based protection) and hardcoded logic and rules (using traditional programming) make it more difficult to take advantage of expert knowledge by transferring it to the computer.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Web Application Firewall Using Machine Learning and Features Engineering

Shaheed

Kurdy

2022

Security and Communication Networks

View full text Add to dashboard Cite

Web application security has become a major requirement for any business, especially with the wide web attacks spreading despite the defensive measures and the continuous development of software frameworks and servers. In this study, we present a proposed model for a web application firewall that used machine learning and features engineering to detect common web attacks. Our proposed model analyses incoming requests to the webserver, parses these requests to extract four features that describe completely HTTP request parts (URL, payload, and headers), and classifies whether a request is normal or an anomaly. We took into consideration the limitation of previous works that use URL and payload only in classification and provided five features that describe and summarize all parts of the HTTP request using features engineering and previous experience in the field of the software security domain. Extracted features are length of request, percentage of characters allowed, percentage of special characters, and attack weight. These features were calculated for four different datasets CSIC 2010, HTTPParams 2015, Hybrid dataset (CSIC 2010 and HTTPParams), and real logs for the compromised web server. We evaluated our proposed model by using these updated datasets with four classification algorithms (Naive Bayes, logistic regression, decision tree, and support vector machine) with two methods (train test split and cross-validation) to negate the probability of overfitting and ensure that features are effective. Features values for a normal request are usually short request length, large allowed character ratio, small special character ratio, and zero attack weight or close to zero. Features values for anomaly requests are large request length, small allowed character percentage, large special character percentage, and very large numerically attack weight. Our proposed model achieved a classification accuracy of 99.6% with datasets used in research studies in this field and 98.8% with datasets of real web servers.

show abstract

“…and) s/a � 0.375 r � 500. (5) Files weight e value of this subfeature is initialized to zero. Value of this subfeature increases for each suspicious discovered in files.…”

Section: Features Engineeringmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Web Application Firewall Using Machine Learning and Features Engineering

Shaheed

Kurdy

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In modern computer networks, firewalls are pervasively deployed to protect network assets from cyber threats by blocking undesired and malicious traversing traffic [1]. Firewalls can be either dedicated hardware devices or software programs running on general-purpose servers, relying on traditional operating systems or virtualized environments, as in the case of networks based on the Network Functions Virtualization (NFV) paradigm.…”

Section: Introductionmentioning

confidence: 99%

An Optimized Approach for Assisted Firewall Anomaly Resolution

Bringhenti,

Seno,

Valenza

2023

IEEE Access

View full text Add to dashboard Cite

The security configuration of firewalls is a complex task that is commonly performed manually by network administrators. As a consequence, among the rules composing firewall policies, they often introduce anomalies, which can be classified into sub-optimizations and conflicts, and which must be solved to allow the expected firewall behavior. The severity of this problem has been recently exacerbated by the increasing size and heterogeneity of next-generation computer networks. In this context, a main research challenge is the definition of approaches that may help the administrators in identifying and resolving the anomalies afflicting the policies they write. However, the strategies proposed in literature are fully automated, and thus potentially dangerous because the error-fixing process is not under human control. Therefore, this paper proposes an optimized approach to provide assisted firewall anomaly detection and resolution. This approach solves automatically only sub-optimizations, while it interacts with human users through explicit queries related to the resolution of conflicts, as their automatic resolution may lead to undesired configurations. The proposed approach also reduces the number of required interactions, with the aim to reduce the workload required to administrators, and employs satisfiability checking techniques to provide a correct-by-construction result. A framework implementing this methodology has been finally evaluated in use cases showcasing its applicability and optimization.INDEX TERMS Firewall, policy anomaly management, policy-based systems.

show abstract

“…Для защиты от утечек широкое распространение получили средства межсетевого экранирования и системы предотвращения утечек информации (Data Loss/Leak Prevention, DLP-системы). Межсетевой экран (брандмауэр, firewall) -аппаратное и\или программное средство, осуществляющее анализ, мониторинг и фильтрацию проходящего сетевого трафика согласно установленных правил безопасности [3][4][5]. Применение методов блокировки и анализа передаваемого трафика на разных уровнях модели OSI средствами межсетевого экранирования позволяет снизить количество утечек, осуществляемых по сетевым каналам, а также по каналам утечки, использующим службы мгновенных сообщений, осуществляющих передачу текстовых, голосовых и видео сообщений.…”

Section: Introductionunclassified

Text documents marking algorithm based on interword distances shifting invariant to format conversion

Kozachok¹,

Kopylov²,

Gorbachev³

et al. 2021

Proceedings of ISP RAS

View full text Add to dashboard Cite

The article presents an electronic text documents marking algorithm based on the identification information embedding by changing the values of the intervals between words (interwords distance shifting). The algorithm development is aimed at increasing the documents containing text information security from leakage through the channel due to the transfer of documents printed on paper, as well as the corresponding electronic copies of paper documents. In the marking algorithm developing process, an existing tools analysis of protecting paper documents from leakage was carried out, practical solutions in the field of protecting text documents were considered, their advantages and disadvantages were determined. The interwods distance shifting algorithm acts as an approach to the information embedding in electronic documents. Changing the values of interwords distance is based on embedding the normalized space in the selected areas of text lines and adjusting the remaining values of the spacing between words by the calculated values. To invariance ensure of the embedded marker for printing and subsequent scanning or photographing, formation algorithms of embedding regions and embedding matrix have been developed. In the embedding regions forming process from the text lines of the source document, arrays of spaces are formed, consisting of pairs: four and two spaces or two spaces. By means of the embedded information in the formed areas, the places where the normalized space is inserted is determined. In the embedding a marker process, an embedding matrix is formed, containing the values of the word displacement, and it is embedded in the original document in the process of printing. The developed marking algorithm usage makes it possible to introduce a marker into the electronic document text structure that is invariant to the format transformation of an electronic document into a paper one and vice versa. In addition, the developed marking algorithm features and limitations are presented. Directions for further research identified.

show abstract

A Survey on the Different Firewall Technologies

Cited by 14 publications

References 0 publications

Web Application Firewall Using Machine Learning and Features Engineering

Web Application Firewall Using Machine Learning and Features Engineering

An Optimized Approach for Assisted Firewall Anomaly Resolution

Text documents marking algorithm based on interword distances shifting invariant to format conversion

Contact Info

Product

Resources

About