• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/
Menu

An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold


Hyeonwoo Kim, Dongwoo Kwon, Hongtaek Ju, Journal of Internet Computing and Services, Vol. 16, No. 2, pp. 27-40, Apr. 2015
10.7472/jksii.2015.16.2.27, Full Text:
Keywords: Stateless Firewall, Policy Inference, Attack Detection Threshold, Active Probing, Inference Parameters, Sweep-line Algorithm

Abstract

Inferring firewall policy is to discover firewall policy by analyzing response packets as results of active probing without any prior information. However, a brute-force approach for generating probing packets is unavailable because the probing packets may be regarded as attack traffic and blocked by attack detection threshold of a firewall. In this paper, we propose a firewall policy inference method using an efficient probing algorithm which considers the number of source IP addresses, maximum probing packets per second and interval size of adjacent sweep lines as inference parameters to avoid detection. We then verify whether the generated probing packets are classified as network attack patterns by a firewall, and present the result of evaluation of the correctness by comparing original firewall policy with inferred firewall policy.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Kim, H., Kwon, D., & Ju, H. (2015). An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold. Journal of Internet Computing and Services, 16(2), 27-40. DOI: 10.7472/jksii.2015.16.2.27.

[IEEE Style]
H. Kim, D. Kwon, H. Ju, "An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold," Journal of Internet Computing and Services, vol. 16, no. 2, pp. 27-40, 2015. DOI: 10.7472/jksii.2015.16.2.27.

[ACM Style]
Hyeonwoo Kim, Dongwoo Kwon, and Hongtaek Ju. 2015. An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold. Journal of Internet Computing and Services, 16, 2, (2015), 27-40. DOI: 10.7472/jksii.2015.16.2.27.