Policies Conflict Detection Algorithm Coordinated Defense-oriented of Firewall and IDS/IPS

Abstract

Abstract: Coping with the distributed and complex threaten of networking attack, the requirement of coordinated defense of Firewall and IDS/IPS are becoming more and more urgent. As the existence of uncertainty of the judgment of Intrusion performed by IDS/IPS, Firewall and IDS/IPS often perform contradict action, that the same package matched the both rules of Firewall and IDS/IPS, and conflict arose, which would lead to illegal access control or deny of legal access control. The policies conflict detection algorithm of coordinated defense of Firewall and IDS/IPS were researched. The semantic models of firewall policy and IDS/IPS policy were proposed, the classification of the policies conflicts was proposed, and the conflicts detection algorithm of policies were proposed using OBDD (ordered binary decision diagram). The experiment demonstrates the correctness and scalability of the algorithm, and the proportion of the conflicts in real network scenario.

Key words: firewall, coordinated defense, conflict detection, ordered binary decision diagram

CLC Number:

TP301

Qiu Song, Jiao Jian, Zhang Dongyang. Policies Conflict Detection Algorithm Coordinated Defense-oriented of Firewall and IDS/IPS[J]. Journal of System Simulation, 2015, 27(11): 2770-2777.

References

[1] Karen Scarfone, Peter Mell. Guide to Intrusion Detection and Prevention Systems (IDPS) [EB/OL]. (2007-02) [2014-06].http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf.
[2] Andy Cuff Intrusion Detection Terminology [EB/OL]. (2010-02) [2014-06] www.securityfocus.com/infocus/1728
[3] Al-Shae E S, Hamed H H. Firewall Policy Advisor for anomaly discovery and rule editing[C]// IFIP/IEEE Eighth International Symposium on Integrated Network Management. USA: IEEE, 2003 (5): 17-30.
[4] E Al-Shaer, H Hamed.Discovery of policy anomalies in distributed firewalls[C]// IEEE INFOCOM. USA: IEEE, 2004(4): 2605-2616.
[5] Al-Shaer E, Hamed H, Boutaba R, et al. Conflict classification and analysis of distributed firewall policies[J]. IEEE Journal on Selected Areas in Communications (S0733-8716), 2005, 23(10): 2069-2084.
[6] Hu H, Ahn G J, Kulkarni K.FAME: a firewall anomaly management environment[C]// Proceedings of the 3rd ACM workshop on Assurable and usable security configuration. USA: ACM, 2010: 17-26.
[7] Hu H, Ahn G J, Kulkarni K.Detecting and resolving firewall policy anomalies[J]. IEEE Transactions on Dependable and Secure Computing (S1545-5971), 2012, 9(3): 318-331.
[8] Hamed H, Al-Shaer E, Marrero W. Modeling and verification of IPSec and VPN security policies [C]// 13th IEEE International Conference on Network Protocols. USA: IEEE, 2005 (11).
[9] Hamed H, Al-Shaer E.Taxonomy of conflicts in network security policies[J]. Communications Magazine (S0163-6804), 2006, 44(3): 134-141.
[10] S Ferraresi, S Pesic, L Trazza, et al. Automatic Conflict Analysis and Resolution of Traffic Filtering Policy for Firewall and Security Gateway[C]// IEEE International Conference on Communications. USA: IEEE, 2007: 1304-1310.
[11] Gobjuka H, Ahmat K A.Fast and scalable method for resolving anomalies in firewall policies[C]// 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). USA: IEEE. 2011: 828-833.
[12] Stakhanova N, L Yao, A A Ghorbani. Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices[C]// Privacy, Security, Trust and the Management of e-Business, 2009. USA: IEEE. 2009: 29-37.
[13] J Alfaro, N Boulahia-Cuppens, F Cuppens.Complete analysis of configuration rules to guarantee reliable network security policies[J]. International Journal of Information Security (S1615-5262), 2008, 7(2): 103-122.
[14] A Westerinen, J Schnizlein, J Strassner, et al. Terminology for Policy-Based Management [EB/OL]. (2001-11) [2014-07] http://www.rfc-editor.org/rfc/rfc3198.txt
[15] J Lind-Nielsen. The buddy obdd package [Z/OL]. http://www.bddportal.org/buddy.html.2005.
[16] 古天龙, 徐周波. 有序二叉决策图及应用 [M]. 北京: 科学出版社, 2000: 30-45.