Ant colony optimization-based firewall anomaly mitigation engine.

Ravi Kiran Varma Penmatsa,Srinivas Kumar Samayamantula,Valli Kumari Vatsavayi

doi:10.1186/s40064-016-2489-6

Abstract

A firewall is the most essential component of network perimeter security. Due to human error and the involvement of multiple administrators in configuring firewall rules, there exist common anomalies in firewall rulesets such as Shadowing, Generalization, Correlation, and Redundancy. There is a need for research on efficient ways of resolving such anomalies. The challenge is also to see that the reordered or resolved ruleset conforms to the organization’s framed security policy. This study proposes an ant colony optimization (ACO)-based anomaly resolution and reordering of firewall rules called ACO-based firewall anomaly mitigation engine. Modified strategies are also introduced to automatically detect these anomalies and to minimize manual intervention of the administrator. Furthermore, an adaptive reordering strategy is proposed to aid faster reordering when a new rule is appended. The proposed approach was tested with different firewall policy sets. The results were found to be promising in terms of the number of conflicts resolved, with minimal availability loss and marginal security risk. This work demonstrated the application of a metaheuristic search technique, ACO, in improving the performance of a packet-filter firewall with respect to mitigating anomalies in the rules, and at the same time demonstrated conformance to the security policy.

Highlights

A firewall is one of the most vital network defense components that can be used to filter unsolicited traffic
The Trust Factor (TF)-based Action Constraint Generation has reduced the Availability Loss and increased the chance of the resolved ruleset conforming to the security policy
The bio-inspired Ant Colony Optimization algorithm proved successful in finding the best possible reordering of firewall rules, which can resolve more conflicts than existing methods can at a cost of increased computational time for larger rule sizes

Summary

Introduction

A firewall is one of the most vital network defense components that can be used to filter unsolicited traffic. “Action Constraints” were generated for the conflicted segments, and reordering of rules was performed based on these action constraints. Rule reordering and redundancy removal Once Segmentation, Conflict Group Formation, and Action Constraint Generation is performed, based on the results, the administrator can manually change the order of the rules to eliminate conflicts.

Results

Conclusion