Figure 14 - uploaded by Kyounggon Kim
Upstream and Downstream Firewall Concept [8]

Source publication
Article
Most companies have firewalls to protect their internal networks and assets from attackers in cyberspace. Firewall policies should be maintained and organized with high priority. However, considering the length of time needed to analyze highly complex policies and the risks of disabling a firewall that may arise in cas...

Citations

... Its visualization model allows all ranges of source and destination IP addresses to be represented, thus enabling control of each application service, identifying active and inactive domains, and detecting possible anomalies. Lee et al. [33] propose HSViz, a firewall policy visualization tool that offers multiple views for analyzing firewall policies. Among them, the most useful ones are the hierarchy view, which visualizes firewall policy ranges based on destination IP octets of the user's choice, and the anomaly and distributed views, which represent the policy in parallel coordinate charts, easing anomaly detection. ...
Article
The security configuration of firewalls is a complex task that is commonly performed manually by network administrators. As a consequence, among the rules composing firewall policies, they often introduce anomalies, which can be classified into sub-optimizations and conflicts, and which must be solved to allow the expected firewall behavior. The severity of this problem has recently been exacerbated by the increasing size and heterogeneity of next-generation computer networks. In this context, a main research challenge is the definition of approaches that may help administrators identify and resolve the anomalies afflicting the policies they write. However, the strategies proposed in the literature are fully automated, and thus potentially dangerous because the error-fixing process is not under human control. Therefore, this paper proposes an optimized approach to provide assisted firewall anomaly detection and resolution. This approach solves only sub-optimizations automatically, while it interacts with human users through explicit queries related to the resolution of conflicts, as their automatic resolution may lead to undesired configurations. The proposed approach also reduces the number of required interactions, with the aim of reducing the workload required of administrators, and employs satisfiability checking techniques to provide a correct-by-construction result. A framework implementing this methodology has finally been evaluated in use cases showcasing its applicability and optimization.
... Machine learning is also used to detect anomalies. However, the accuracy rate of the results by machine learning is not 100% [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24]. The previous work has focused on detecting static firewall anomalies and rule-level anomalies. ...
... It can check inactive areas in partially matched and inclusively matched rules. A visualization tool designed by Lee et al. [17] showed the status and types of policies applied throughout firewalls to support the maintenance of firewall policies. ...
... We also evaluate the generation efficiency of the decision tree of anomalies and compare it with the other methods [8,17] in Figure 7. We show the processing time of the different approaches in Table 2. PolicyVis [8] was based on a single decision tree to detect anomalies. ...
Article
To solve the problems of how to detect anomalous rules with an asymmetric structure, which leads to the firewall not being able to control incoming and outgoing packets according to the administrator's intent, and how to carry out incremental detection efficiently when new rules are added, anomaly detection algorithms based on an asymmetric double decision tree were considered. We considered the packet filter, the most common and widely used type of First Matching Rule, for the practical decision space of each rule and the whole policy. Based on the asymmetric double decision tree detection model, we adopted the policy equivalent decision tree and the policy decision tree of anomalies. Therefore, we can separate the policy's effective decision space from the anomalous decision space. Using the separated decision trees makes it possible to optimize the original policy, perform faster incremental detection when adding new rules, and generate a detailed report. The simulation results demonstrate that the proposed algorithms are superior to the other decision tree algorithms in detection speed and can achieve incremental detection. The results demonstrate that our approach can save about 33% of the time for complete detection compared with the other approaches, and that incremental anomaly detection saves about 90% of the time of complete detection in a complex policy.
Article
In this paper we consider the problem of defending against increasing data exfiltration threats in the domain of cybersecurity. We review existing work on exfiltration threats and corresponding countermeasures. We consider current problems and challenges that need to be addressed to provide a qualitatively better level of protection against data exfiltration. After considering the magnitude of the data exfiltration threat, we outline the objectives of this paper and the scope of the review. We then provide an extensive discussion of present methods of defending against data exfiltration. We note that current methodologies for defending against data exfiltration do not connect well with domain experts, both as sources of knowledge and as partners in decision-making. However, human interventions continue to be required in cybersecurity. Thus, cybersecurity applications are necessarily socio-technical systems which cannot be safely and efficiently operated without considering relevant human factors issues. We conclude with a call for approaches that can more effectively integrate human expertise into defense against data exfiltration.
Article
With the rapid development of medical informatization, as well as larger quantities of information and a higher level of integration, keeping core data confidential has become a severe challenge. In this thesis, the role of the next-generation firewall in the medical network is first introduced. Then, a medical network is designed and an overall network building scheme for the medical network is planned based on the actual demands of a hospital. VLANs are then divided and IP addresses are planned for each floor. Moreover, the relevant protocols and important equipment to be used are introduced in detail, including the DHCP protocol, the SNMP protocol, and next-generation firewall security devices. In addition, the IP address of each area is planned, the connectivity of the LAN is tested, and a simulated attack and defense test is carried out based on the deployment principles of the next-generation firewall. Furthermore, a detailed introduction to the deployment of security policy, as well as some common security vulnerabilities of firewalls, is given. Finally, the attack and defense test of the firewall is carried out to demonstrate the effective protection provided by the firewall in the medical network, and to show that next-generation firewall techniques can help the hospital solve its network security issues to some extent.