Abstract
To solve the problems regarding how to detect anomalous rules with an asymmetric structure, which leads to the firewall not being able to control the packets in and out according to the administrator’s idea, and how to carry out an incremental detection efficiently when the new rules are added, anomaly detection algorithms based on an asymmetric double decision tree were considered. We considered the packet filter, the most common and used type of First Matching Rule, for the practical decision space of each rule and the whole policy. We adopted, based on the asymmetric double decision tree detection model, the policy equivalent decision tree and the policy decision tree of anomalies. Therefore, we can separate the policy’s effective decision space and the anomalous decision space. Using the separated decision trees can realize the optimization of the original policy and the faster incremental detection when adding new rules and generating a detailed report. The simulation results demonstrate that the proposed algorithms are superior to the other decision tree algorithms in detection speed and can achieve incremental detection. The results demonstrate that our approach can save about 33% of the time for complete detection compared with the other approaches, and the time of incremental anomaly detection compared to complete detection is about 90% of the time saved in a complex policy.
Funder
National Natural Science Foundation of China
Fujian Provincial Science and Technology Guidance Project
Open Fund of Fujian Provincial University Engineering Research Center
Subject
Physics and Astronomy (miscellaneous),General Mathematics,Chemistry (miscellaneous),Computer Science (miscellaneous)
Reference24 articles.
1. Tuplemerge: Fast software packet processing for online packet classification;Daly;IEEE/ACM Trans. Netw.,2019
2. Firewall fingerprinting and denial of firewalling attacks;Liu;IEEE Trans. Inf. Forensics Secur.,2017
3. The 2020 Data Breach Investigations Report—A CSO’s perspective;Jartelius;Netw. Secur.,2020
4. Clincy, V., and Shahriar, H. (2018, January 23–27). Web Application Firewall: Network Security Models and Configuration. Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan.
5. Distributed denial of service attacks: A threat or challenge;Bhandari;New Rev. Inf. Netw.,2019
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献