DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Abstract

Currently, establishing a private network on the Internet is highly hazardous for attacks as attackers continuously scan computers for vulnerabilities within the connected network. The firewall ranked the highest as a network device is selected to protect unauthorized accesses and attacks. However, firewalls can effectively protect against assaults based on adequately defined rules without any anomalies. In order to resolve anomaly problems and assist firewall admins with the ability to manage the rules effectively, in this paper, a prototype of the decision support system has been designed and developed for encouraging admins to optimize firewall rules and minimize deficiencies that occur in rules by using the probability approach. The experimental results clearly show that the developed model encourages experts and administrators of firewalls to make significant decisions to resolve rule anomalies by expert's confidence increases by 14.8 %, and administrators' confidence soars similarly about 44.2 %. Lastly, the accuracy of correcting rule anomalies is 83 %.