Paper Info
Title
Implementation of packet filter configurations anomaly detection system with SIERRA
Abstract
Packet filtering in a firewall is one of the useful tools for network security. Packet filtering examines network packet and decides whether to accept, or deny it and this decision is determined by a packet filtering configuration developed by the network administrator. An administrator may find hard to understand and maintain a configuration, and this burden will furthermore be increased to find anomalies between two configurations, especially when the size of filters in a configuration increased. This difficulty may leave the administrator with less confidence that the configurations are correctly and completely implemented. This paper presents a system with SIERRA (A systolic filter sieve array) which can detect the anomalies between two configurations. It provides three functions, side-effects analysis function, equality judgment function, and composition analysis function. Experimental results show that the proposed system is suitable for small network and configurations with large number of filters.
Year
DOI
Venue
2005
10.1007/11602897_39
Lecture Notes in Computer Science
Keywords
Field
DocType
network packet,network administrator,detection system,composition analysis function,large number,equality judgment function,proposed system,network security,packet filter configuration,small network,side-effects analysis function,confidence,filtering,anomaly detection,filter,side effect,packet switching,firewall,anomaly,computer security,distributed system,sieve
Anomaly detection,Packet analyzer,Firewall (construction),Computer science,Network packet,Network security,Filter (signal processing),Algorithm,Network administrator,Packet switching,Distributed computing
Conference
Volume
ISSN
ISBN
3783
0302-9743
3-540-30934-9
Citations 
PageRank 
References 
4
0.47
4
Authors
4
Name
Order
Citations
PageRank
Yi Yin1152.55
Raghuvel S. Bhuvaneswaran2598.98
Yoshiaki Katayama322640.42
naohisa takahashi440.47