Communications of the ACM
Improving Network Firewalls
Credit: iStockPhoto.com
Analyzing firewall log files could provide a better assessment of a corporate network's firewall protection. Muhammad Abedin of the University of Texas at Dallas and colleagues believe the constantly changing log files of corporate firewalls can provide more helpful data on computer network traffic.
Researchers have previously developed methods for analyzing firewall rule sets, but the static approaches did not take advantage of log file activity. "By comparing the extracted rules with the original rules, we can easily find if there is any anomaly in the original rules, and if there is any defect in the implementation," the researchers say. "Our experiments show that the effective firewall rules can be regenerated to a high degree of accuracy from just a small amount of data."
The traffic mining approach also can detect anomalies that lead to omissions in the logs themselves.
From EurekAlert
View Full Article
Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA 
No entries found