HSViz: Hierarchy Simplified Visualizations for Firewall Policy Analysis

Lee, Hyunjung; Lee, Suryeon; Kim, Kyounggon; Kim, Huy Kang

doi:10.1109/access.2021.3077146

Cited by 6 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another relevant classes of related work about the topic of firewall anomaly analysis is composed of studies ( [27], [28], [29], [30], [31], [32], [33], [34]) that propose platforms based on Graphic User Interfaces (GUIs), which provide functionalities such as zooming and manual adjustment of the firewall filtering effect areas to help human administrators to identify firewall policy anomalies. Specifically, Tran et al [27] propose PolicyVis, a 2D graphic interface that allows a thorough visualization of all possible firewall behaviors by considering all rules fields, actions and orders.…”

Section: A Firewall Policy Anomaly Analysismentioning

confidence: 99%

“…Its visualization model allows to represent all ranges of source and destination IP addresses, thus enabling control on each application service, to identify active and inactive domains, and to detect possible anomalies. Lee et al [33] propose HSViz, a firewall policy visualization tool that offers multiple view to analyses firewall policies. Among them, the most useful ones are the hierarchy view, which visualizes firewall policy ranges based on destination IP octets at the user's choice, and the anomaly and distributed views, which represent the policy in parallel coordinate charts, easing anomaly detection.…”

Section: A Firewall Policy Anomaly Analysismentioning

confidence: 99%

See 1 more Smart Citation

An Optimized Approach for Assisted Firewall Anomaly Resolution

Bringhenti,

Seno,

Valenza

2023

IEEE Access

View full text Add to dashboard Cite

The security configuration of firewalls is a complex task that is commonly performed manually by network administrators. As a consequence, among the rules composing firewall policies, they often introduce anomalies, which can be classified into sub-optimizations and conflicts, and which must be solved to allow the expected firewall behavior. The severity of this problem has been recently exacerbated by the increasing size and heterogeneity of next-generation computer networks. In this context, a main research challenge is the definition of approaches that may help the administrators in identifying and resolving the anomalies afflicting the policies they write. However, the strategies proposed in literature are fully automated, and thus potentially dangerous because the error-fixing process is not under human control. Therefore, this paper proposes an optimized approach to provide assisted firewall anomaly detection and resolution. This approach solves automatically only sub-optimizations, while it interacts with human users through explicit queries related to the resolution of conflicts, as their automatic resolution may lead to undesired configurations. The proposed approach also reduces the number of required interactions, with the aim to reduce the workload required to administrators, and employs satisfiability checking techniques to provide a correct-by-construction result. A framework implementing this methodology has been finally evaluated in use cases showcasing its applicability and optimization.INDEX TERMS Firewall, policy anomaly management, policy-based systems.

show abstract