Handling Stateful Firewall Anomalies

Cuppens, Frédéric; Cuppens-Boulahia, Nora; García-Alfaro, Joaquín; Moataz, Tarik; Rimasson, Xavier

doi:10.1007/978-3-642-30436-1_15

Cited by 24 publications

(14 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The literature on the evaluation of first generation FW configurations is now significantly abundant, but the same cannot be said for second and third generation FWs, also referred to as stateful FWs. Cuppens addressed this disadvantage and provided solutions for analyzing and tackling stateful FW anomalies and misconfigurations.…”

Section: Literature Reviewmentioning

confidence: 99%

Non‐dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis

Sureshkumar

Lingaraj²,

Anand³

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Summary Network operators depend on security services with the aim of safeguarding their IT infrastructure. Various types of network security policies are employed on a global scale and are disseminated among several security middleboxes implemented in networks. But, owing to the complications in security policies, it is not quite efficient to directly use the path‐wise enforcement schemes that are prevalent. The major motivation of this work is to improve security levels and solve the policy enforcement problem. For the first time, this work reports the issue of policy enforcement on middleboxes. The major contribution of this work is to design security policy enforcement as a Weighted K Set Covering Problem, and we designed a Policy Space Analysis (PSA) tool intended for a group of operations in the security policy. This PSA tool was developed based on range‐signified hyper‐rectangles, which are indexed by the Hilbert R‐tree. Leveraging the PSA, we first investigated the topological features of various kinds of policies. Balancing the PSA tool in a non‐dominated sorting particle swarm optimization technique exposes the intrinsic difficulties of this security strategy and provides guidance for designing the enforcement approach. In addition, in this research, a new fuzzy rule‐based classification system is introduced for packet classification. A scope‐wise policy enforcement algorithm was proposed, which chooses a moderate number of enforcement network nodes for deploying multiple policy subsets in a greedy manner. This scheme is much quicker compared with the first one and therefore has found its application in real‐time deployments.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Non‐dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis

Sureshkumar

Lingaraj²,

Anand³

et al. 2018

Int J Communication

View full text Add to dashboard Cite

show abstract

“…There are several works in the literature that propose anomaly detection techniques for firewall policies [1], [2], [22], [41]. However, these works consider network firewall policies and do not repair WAFs regex rules.…”

Section: Related Workmentioning

confidence: 99%

“…In the context of WAF testing, most of research effort has been devoted to generating attacks able to bypass WAFs using various automated testing approaches [1], [2], [4], [22], [41]. While identifying security flaws helps highlight the inadequacy of existing configurations, little attention has been paid to supporting the refinement of inadequate rule sets.…”

Section: Introductionmentioning

confidence: 99%

Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks

Appelt

Panichella

Briand

2017

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

Abstract-Testing and fixing Web Application Firewalls (WAFs) are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases, i.e., attacks. Once vulnerabilities have been identified, the WAF needs to be fixed by augmenting its rule set to filter attacks without blocking legitimate requests. However, existing research suggests that rule sets are very difficult to understand and too complex to be manually fixed. In this paper, we formalise the problem of fixing vulnerable WAFs as a combinatorial optimisation problem. To solve it, we propose an automated approach that combines machine learning with multi-objective genetic algorithms. Given a set of legitimate requests and bypassing SQL injection attacks, our approach automatically infers regular expressions that, when added to the WAF's rule set, prevent many attacks while letting legitimate requests go through. Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall between 54.6% and 98.3%), while triggering in most cases no or few false positives (false positive rate between 0% and 2%).

show abstract

“…This classification had been improved and IDS were introduced in [2]. Also, there was a considerable amount of work on detecting misconfiguration in IPSec tunnels, firewalls and IDS ( [3], [7] and [15]). These models represent the reality faithfully.…”

Section: Related Workmentioning

confidence: 99%

A specification method for analyzing fine grained network security mechanism configurations

Khoury¹,

Laborde²,

Barrère³

et al. 2013

2013 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

Quick evolution, heterogeneity, interdependence between equipment, and many other factors induce high complexity to network security analysis. Although several approaches have proposed different analysis tools, achieving this task requires experienced and proficient security administrators who can handle all these parameters. The challenge is not to propose a temporary solution but to offer a building block for this large domain, though no approach can be optimal for all tasks. In previous papers, we have proposed a novel formal model of equipment configuration built on data flow attribute-based approach to detect network security conflicts. In this paper, we extend the previous proposed model in order to make it more generic by proving it can handle microscopic analysis. We define a formal analysis method for network security mechanisms. Therefore, we specify our approach in Colored Petri Networks to automate the conflicts analysis and test it on a fine-grained firewall scenario.

show abstract

Handling Stateful Firewall Anomalies

Cited by 24 publications

References 14 publications

Non‐dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis

Non‐dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis

Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks

A specification method for analyzing fine grained network security mechanism configurations

Contact Info

Product

Resources

About