Automated Framework for Policy Optimization in Firewalls and Security Gateways

Maiolini, Gianluca; Cignini, L.; Baiocchi, Andrea

doi:10.1007/978-3-540-88181-0_17

Cited by 2 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [21], the authors proposed an architecture algorithm to automatically adapt packet inspection devices configuration according to traffic behavior. The algorithm provides adaptive conflict free optimization in the rule list, in which each rule is given a probability rate and cost weight.…”

Section: Related Workmentioning

confidence: 99%

IDS performance enhancement technique based on dynamic traffic awareness histograms

Trabelsi

Zeidan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

show abstract

Section: Related Workmentioning

confidence: 99%

IDS performance enhancement technique based on dynamic traffic awareness histograms

Trabelsi

Zeidan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…The non-heuristic general framework for rule-based firewall optimisation proposed in [18] captures the semantics of an access control list in terms of whether each packet is forwarded or denied instead of profiling the rules to determine their importance as in [9]. In [20], the authors propose an architecture algorithm to automatically adapt packet-filtering devices configuration according to the traffic behaviour. The adaptive conflict-free optimisation (ACO) algorithm provides adaptive conflict free optimisation in the security policy, in which each rule is given a probability rate and cost weight.…”

Section: Policy Boolean Expression Relaxation (Pber) Technique Inmentioning

confidence: 99%