Cross-Domain Privacy-Preserving Cooperative Firewall Optimization
ABSTRACT:
Firewalls have been widely deployed on the Internet for securing private networks.
A firewall checks each incoming or outgoing packet to decide whether to accept or
discard the packet based on its policy. Optimizing firewall policies is crucial for
improving network performance. Prior work on firewall optimization focuses on
either intrafirewall or interfirewall optimization within one administrative domain
where the privacy of firewall policies is not a concern. This paper explores
interfirewall optimization across administrative domains for the first time. The key
technical challenge is that firewall policies cannot be shared across domains
because a firewall policy contains confidential information and even potential
security holes, which can be exploited by attackers. In this paper, we propose the
first cross-domain privacy-preserving cooperative firewall policy optimization
protocol. Specifically, for any two adjacent firewalls belonging to two different
administrative domains, our protocol can identify in each firewall the rules that can
be removed because of the other firewall. The optimization process involves
cooperative computation between the two firewalls without any party disclosing its
policy to the other. We implemented our protocol and conducted extensive
experiments. The results on real firewall policies show that our protocol can
remove as many as 49% of the rules in a firewall, whereas the average is 19.4%.
The communication cost is less than a few hundred kilobytes. Our protocol incurs
no extra online packet processing overhead, and the offline processing time is less
than a few hundred seconds.
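The following is an added example and is not the protocol from the paper or code by its authors. It illustrates the privacy goal stated in the abstract with a textbook building block, a commutative-encryption private set intersection (Pohlig-Hellman exponentiation modulo a prime): the downstream firewall learns which of its rules only match packets the upstream firewall already discards, while neither side hands its policy to the other in the clear. The firewall names, the rule tokens, the demo-sized 127-bit prime, the non-overlapping-rules assumption and the semi-honest trust model are all assumptions of this example, not details taken from the page.

```python
# Added example, not the paper's protocol: a commutative-encryption private
# set intersection (a textbook building block) used to find rules of a
# downstream firewall that only match packets the upstream firewall already
# discards. Policies, tokens and the prime are constructed for illustration.
import hashlib
import math
import secrets

# Mersenne prime 2**127 - 1 (demo-sized). For k coprime to P-1, x -> x**k mod P
# permutes [1, P-1], and E_a(E_b(x)) == E_b(E_a(x)) because exponents multiply.
P = (1 << 127) - 1


def keygen() -> int:
    """Pohlig-Hellman style exponent: uniformly random and coprime to P-1."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k


def encode(token: str) -> int:
    """Map a packet-space token (e.g. a prefix/port string) into [1, P-1]."""
    digest = hashlib.sha256(token.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1


def enc(k: int, x: int) -> int:
    return pow(x, k, P)


class Firewall:
    """rules: id -> (action, tokens). Assumption: tokens are the packets a rule
    actually decides after earlier rules, i.e. rules are non-overlapping."""

    def __init__(self, rules: dict[str, tuple[str, set[str]]]):
        self.rules = rules
        self.key = keygen()

    def discard_tokens(self) -> set[str]:
        return {t for act, toks in self.rules.values() if act == "discard" for t in toks}


def interfirewall_redundant_rules(upstream: Firewall, downstream: Firewall) -> list[str]:
    """Rules of `downstream` that only ever see traffic `upstream` discards.

    Message flow (semi-honest parties):
      1. upstream -> downstream: shuffled E_a(d) for each discarded token d
      2. downstream -> upstream: E_b(t) for each of downstream's own tokens t
      3. upstream -> downstream: E_a(E_b(t)) in the same order
    downstream then matches E_b(E_a(d)) against E_a(E_b(t)). Upstream learns
    only how many tokens downstream has; downstream learns only which of its
    own tokens upstream discards (plus the size of the discard set).
    """
    # 1. upstream's discard set under its own key, order randomised
    d_enc = [enc(upstream.key, encode(t)) for t in upstream.discard_tokens()]
    secrets.SystemRandom().shuffle(d_enc)
    # downstream re-encrypts what it received: E_b(E_a(d))
    d_double = {enc(downstream.key, c) for c in d_enc}
    # 2. downstream's tokens under its own key
    own = sorted({t for _, toks in downstream.rules.values() for t in toks})
    own_enc = [enc(downstream.key, encode(t)) for t in own]
    # 3. upstream re-encrypts them: E_a(E_b(t)) == E_b(E_a(t))
    own_double = [enc(upstream.key, c) for c in own_enc]
    dropped_upstream = {t for t, c in zip(own, own_double) if c in d_double}
    return [rid for rid, (_, toks) in downstream.rules.items()
            if toks and toks <= dropped_upstream]


# Constructed policies: domain A's border firewall sits upstream of domain B's.
UPSTREAM = Firewall({
    "a1": ("discard", {"198.51.100.0/24 tcp/23", "198.51.100.0/24 tcp/445"}),
    "a2": ("accept",  {"198.51.100.0/24 tcp/443"}),
})
DOWNSTREAM = Firewall({
    "b1": ("discard", {"198.51.100.0/24 tcp/23"}),       # already dropped upstream
    "b2": ("accept",  {"198.51.100.0/24 tcp/443"}),      # still needed
    "b3": ("discard", {"198.51.100.0/24 tcp/445",
                       "203.0.113.7/32 tcp/445"}),       # only partly dropped upstream
})

if __name__ == "__main__":
    print("removable downstream rules:", interfirewall_redundant_rules(UPSTREAM, DOWNSTREAM))
```

Limits worth knowing before treating this as a drop-in: the downstream side still learns which of its own tokens lie in the upstream discard set and how large that set is, the group is demo-sized, and a malicious (rather than merely curious) party can substitute values in steps 1 to 3; the paper's actual protocol and its analysis are not reproduced here.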
ARCHITECTURE: (architecture diagram not reproduced in this text)
AIM:
To provide a policy anomaly management framework for firewalls that uses a
rule-based segmentation technique to identify policy anomalies and derive
effective anomaly resolutions. The aim, synopsis, proposed system and modules
that follow describe this single-firewall segmentation framework; it is a
different technique from the cross-domain, privacy-preserving protocol
summarized in the abstract above.
SYNOPSIS:
A novel anomaly management framework for firewalls, based on a rule-based
segmentation technique, that facilitates not only more accurate anomaly
detection but also effective anomaly resolution. With this technique, the
network packet space defined by a firewall policy is divided into a set of
disjoint packet space segments. Each segment is associated with a unique set of
firewall rules and therefore accurately indicates an overlap relation among
those rules. We also introduce a flexible conflict resolution method that
enables fine-grained conflict resolution with the help of several resolution
strategies chosen with respect to the risk assessment of the protected networks
and the intention behind the policy definition.
EXISTING SYSTEM:
Prior work on firewall optimization focuses on either intrafirewall
optimization or interfirewall optimization within one administrative domain,
where the privacy of firewall policies is not a concern.
Firewall policy management is a challenging task because of the complexity and
interdependency of policy rules, and it is made harder by the continuous
evolution of network and system environments.
Configuring a firewall is tedious and error prone, so effective mechanisms and
tools for policy management are crucial to the success of firewalls.
Policy analysis tools whose goal is to detect policy anomalies, such as
Firewall Policy Advisor and FIREMAN, already exist. Firewall Policy Advisor can
only detect pairwise anomalies between firewall rules. FIREMAN can detect
anomalies among multiple rules by analyzing the relationship between one rule
and the collection of packet spaces derived from all preceding rules.
FIREMAN still has limitations. For each firewall rule it examines only the
preceding rules and ignores all subsequent rules when performing anomaly
analysis. In addition, each FIREMAN result can only show that there is a
misconfiguration between one rule and its preceding rules; it cannot
accurately indicate all rules involved in an anomaly.
DISADVANTAGES OF EXISTING SYSTEM:
The number of rules in a firewall significantly affects its throughput, so
rules that cannot be identified as redundant are a direct performance cost.
FIREMAN detects anomalies among multiple rules only by comparing each rule
with the packet spaces of its preceding rules; it ignores all subsequent
rules, so it can miss anomalies and cannot name every rule involved in one.
PROPOSED SYSTEM:
In this paper, we present a novel anomaly management framework for firewalls
based on a rule-based segmentation technique, which facilitates not only more
accurate anomaly detection but also effective anomaly resolution.
With this technique, the network packet space defined by a firewall policy is
divided into a set of disjoint packet space segments. Each segment is
associated with a unique set of firewall rules and therefore accurately
indicates an overlap relation (either conflicting or redundant) among those
rules.
We also introduce a flexible conflict resolution method that enables
fine-grained conflict resolution with the help of several resolution
strategies chosen with respect to the risk assessment of the protected
networks and the intention behind the policy definition.
ADVANTAGES OF PROPOSED SYSTEM:
In our framework for conflict detection and resolution, conflicting segments
are identified in the first step. Each conflicting segment is associated with
one policy conflict and a set of conflicting rules. The correlation
relationships among conflicting segments are then identified and conflict
correlation groups are derived. Policy conflicts belonging to different
conflict correlation groups can be resolved separately, so the correlation
process reduces the search space for resolving conflicts.
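An added example, not code from the framework or its authors, of the segmentation and correlation steps described in the proposed system and its advantages, run on a constructed two-field policy (source host, destination port): the packet space is cut at every rule boundary into elementary cells, cells covered by the same set of rules form one segment, overlapping segments are classified as conflicting or redundant, rules that are individually removable under first-match semantics are reported, and correlation groups are built from the conflicting segments. The rule set, the default-deny assumption and the choice of fields are constructed for the example.

```python
# Added example, not code from the paper or its authors: rule-based
# segmentation of a firewall's packet space. Field ranges and rules below are
# constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass
from itertools import product

DEFAULT_ACTION = "deny"   # assumption: packets matching no rule are dropped


@dataclass(frozen=True)
class Rule:
    rid: str
    action: str                        # "accept" or "deny"
    box: tuple[tuple[int, int], ...]   # one inclusive (lo, hi) range per field


def elementary_intervals(rules, dim):
    """Cut one field's axis at every rule boundary. No rule edge then falls
    inside an interval, so a rule covers an interval either fully or not at all."""
    cuts = sorted({b for r in rules for b in (r.box[dim][0], r.box[dim][1] + 1)})
    return [(cuts[i], cuts[i + 1] - 1) for i in range(len(cuts) - 1)]


def segment(rules):
    """Return {frozenset of rule ids: [cells]}: the disjoint packet-space
    segments, each keyed by the exact set of rules covering it. Cells that no
    rule covers (default-action space) are omitted."""
    axes = [elementary_intervals(rules, d) for d in range(len(rules[0].box))]
    segments = defaultdict(list)
    for cell in product(*axes):
        covering = frozenset(
            r.rid for r in rules
            if all(lo <= c_lo and c_hi <= hi
                   for (c_lo, c_hi), (lo, hi) in zip(cell, r.box)))
        if covering:
            segments[covering].append(cell)
    return dict(segments)


def classify_overlaps(rules, segments):
    """Segments covered by two or more rules are 'conflicting' when the rules
    disagree on the action and 'redundant' when they agree."""
    action = {r.rid: r.action for r in rules}
    return {ids: ("conflicting" if len({action[i] for i in ids}) > 1 else "redundant")
            for ids in segments if len(ids) > 1}


def individually_removable(rules, segments):
    """First-match semantics: a rule can be dropped on its own if, in every
    segment where it is the first match, the next rule (or the default action)
    decides the same way. Re-run after each removal: removals can interact."""
    order = {r.rid: i for i, r in enumerate(rules)}
    action = {r.rid: r.action for r in rules}
    removable = set(order)
    for ids in segments:
        chain = sorted(ids, key=order.__getitem__)
        fallback = action[chain[1]] if len(chain) > 1 else DEFAULT_ACTION
        if action[chain[0]] != fallback:
            removable.discard(chain[0])
    return removable


def correlation_groups(overlaps):
    """Union-find over rules that share a conflicting segment. Conflicts in
    different groups can be resolved independently of each other."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for ids, kind in overlaps.items():
        if kind == "conflicting":
            root, *rest = sorted(ids)
            for other in rest:
                parent[find(other)] = find(root)
    groups = defaultdict(set)
    for rid in list(parent):
        groups[find(rid)].add(rid)
    return [frozenset(g) for g in groups.values()]


# Constructed policy over two fields: (source host, destination port).
POLICY = [
    Rule("r1", "accept", ((10, 20), (80, 80))),
    Rule("r2", "deny",   ((0, 255), (80, 81))),
    Rule("r3", "deny",   ((10, 20), (80, 80))),    # shadowed by r1 and r2
    Rule("r4", "accept", ((0, 255), (81, 81))),    # shadowed by r2: a conflict
    Rule("r5", "accept", ((50, 60), (443, 443))),
    Rule("r6", "deny",   ((55, 70), (443, 443))),
    Rule("r7", "deny",   ((0, 9), (80, 80))),      # same action as r2: redundant
]

if __name__ == "__main__":
    segs = segment(POLICY)
    overlaps = classify_overlaps(POLICY, segs)
    for ids, kind in overlaps.items():
        print(sorted(ids), kind, len(segs[ids]), "cell(s)")
    print("removable:", sorted(individually_removable(POLICY, segs)))
    print("groups:", [sorted(g) for g in correlation_groups(overlaps)])
```

Two things the output makes visible that the prose does not: r4 is reported both as a conflict with r2 and as individually removable, because removing a shadowed rule is one resolution but not necessarily the intended one (the policy author may have wanted port 81 open), which is why the framework resolves conflicts by reordering rather than deletion; and r2 and r7 form a redundant, not conflicting, segment, so they do not join any correlation group.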
MODULES:
Correlation of Packet Space Segment
Action Constraint Generation
Rule Reordering
Data Package
MODULES DESCRIPTION:
Correlation of Packet Space Segment:
The major benefit of generating correlation groups for the anomaly analysis is
that anomalies can be examined within each group independently, because the
correlation groups share no rules and are therefore independent of each other.
In particular, the search space for reordering conflicting rules during
conflict resolution is significantly reduced, and conflicts are resolved much
more efficiently.
Action Constraint Generation:
Once the conflicts in a firewall policy have been discovered and the conflict
correlation groups identified, a risk assessment is performed for each
conflict. The risk levels of the conflicts are then used for both automated and
manual strategy selection. The basic idea of automated strategy selection is
that the risk level of a conflicting segment directly determines the expected
action for the network packets in that segment: if the risk level is very
high, the expected action should be to deny the packets, to protect the
network perimeter.
Rule Reordering:
Conflict resolution aims to satisfy all action constraints of the conflicting
segments by reordering the conflicting rules. If the conflicting rules can be
placed in an order that satisfies every action constraint, that order is
adopted as the resolution of the conflicts.
Data Package:
Once the conflicts in a policy have been resolved, the risk value of the
resolved policy should be lower, and the availability of the protected network
higher, than before conflict resolution. In this module, data is accepted into
the server according to the threshold value.
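An added example, not the framework's code, that carries the Action Constraint Generation and Rule Reordering modules above through on constructed input: risk scores of conflicting segments become action constraints (high risk: deny; otherwise accept, with the 0.7 threshold an assumption), segments sharing rules are merged into groups, and each group is searched separately for a rule order whose first match satisfies every constraint. The rule ids and risk scores are constructed, and the third group is deliberately contradictory to show the case where no order exists and a manual strategy is needed.

```python
# Added example, not code from the paper or its authors: risk-driven action
# constraints and a per-group search for a rule order that satisfies them.
# Conflicting segments arrive as (rule-id set, risk score) pairs, as a
# segmentation step would produce; the scores and threshold are constructed.
from itertools import permutations
from math import factorial

DENY_RISK = 0.7   # assumption: risk scores lie in [0, 1]; at or above this, deny


def expected_action(risk: float) -> str:
    """Automated strategy selection: high-risk segments must be denied,
    lower-risk ones accepted (manual selection could override this)."""
    return "deny" if risk >= DENY_RISK else "accept"


def action_constraints(segments):
    """{rule-id set: action the first-matching rule in that segment must have}"""
    return {frozenset(ids): expected_action(risk) for ids, risk in segments}


def group_by_shared_rules(constraints):
    """Merge segments that share a rule: [(rule set, {segments})]. Groups share
    no rules, so one group's ordering never affects another's."""
    groups = []
    for ids in constraints:
        members, segs = set(ids), {ids}
        for g in [g for g in groups if g[0] & ids]:
            members |= g[0]
            segs |= g[1]
            groups.remove(g)
        groups.append((members, segs))
    return groups


def first_match(order, ids):
    pos = {rid: i for i, rid in enumerate(order)}
    return min(ids, key=pos.__getitem__)


def satisfies(order, actions, constraints):
    return all(actions[first_match(order, ids)] == want
               for ids, want in constraints.items())


def reorder(actions, segments):
    """For each group, the first rule order (lexicographic over permutations)
    meeting all of its constraints, or None when the constraints contradict
    each other and a manual strategy is needed."""
    constraints = action_constraints(segments)
    result = {}
    for members, segs in group_by_shared_rules(constraints):
        local = {ids: constraints[ids] for ids in segs}
        result[frozenset(members)] = next(
            (p for p in permutations(sorted(members)) if satisfies(p, actions, local)),
            None)
    return result


def search_space(actions, segments):
    """Worst-case orderings examined without grouping and with grouping."""
    groups = group_by_shared_rules(action_constraints(segments))
    involved = set().union(*(g[0] for g in groups))
    return factorial(len(involved)), sum(factorial(len(g[0])) for g in groups)


# Constructed input: rule actions and conflicting segments with risk scores.
ACTIONS = {"r1": "accept", "r2": "deny", "r4": "accept",
           "r5": "accept", "r6": "deny",
           "r8": "deny", "r9": "accept", "r10": "accept"}
SEGMENTS = [
    ({"r1", "r2"}, 0.9),          # high risk: deny, so r2 must precede r1
    ({"r2", "r4"}, 0.2),          # low risk: accept, so r4 must precede r2
    ({"r5", "r6"}, 0.8),          # deny: r6 before r5
    ({"r8", "r9"}, 0.9),          # r8 before r9 ...
    ({"r8", "r10"}, 0.9),         # ... and r8 before r10 ...
    ({"r8", "r9", "r10"}, 0.1),   # ... yet an accept rule before r8: contradiction
]

if __name__ == "__main__":
    for members, order in reorder(ACTIONS, SEGMENTS).items():
        print(sorted(members), "->", order or "no order satisfies all constraints")
    print("orderings without/with grouping:", search_space(ACTIONS, SEGMENTS))
```

The search is exhaustive over the permutations of each group's rules, which is exactly what the correlation step pays for: the eight rules here would need 8! orderings as one group but only 3! + 2! + 3! once split into groups, and a group whose constraints cannot all hold (the third one) is reported as unresolved instead of being silently reordered.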
SYSTEM CONFIGURATION:
H/W System Configuration:
Processor: Pentium III
Speed: 1.1 GHz
RAM: 256 MB (minimum)
Hard Disk: 20 GB
Floppy Drive: 1.44 MB
Keyboard: Standard Windows keyboard
Mouse: Two- or three-button mouse
Monitor: SVGA
S/W System Configuration:
Operating System: Windows 95/98/2000/XP
Front End: Java
REFERENCE:
Fei Chen, Bezawada Bruhadeshwar, and Alex X. Liu, "Cross-Domain
Privacy-Preserving Cooperative Firewall Optimization", IEEE/ACM Transactions
on Networking, vol. 21, no. 3, June 2013.

Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS  A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS  A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 

Cross domain privacy-preserving cooperative firewall optimization

ABSTRACT:
Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard the packet based on its policy. Optimizing firewall policies is crucial for improving network performance. Prior work on firewall optimization focuses on either intrafirewall or interfirewall optimization within one administrative domain where the privacy of firewall policies is not a concern. This paper explores interfirewall optimization across administrative domains for the first time. The key technical challenge is that firewall policies cannot be shared across domains because a firewall policy contains confidential information and even potential security holes, which can be exploited by attackers. In this paper, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without any party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet processing overhead, and the offline processing time is less than a few hundred seconds.

ARCHITECTURE:

AIM:
To provide an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions.

SYNOPSIS:
A novel anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution. Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment associated with a unique set of firewall rules accurately indicates an overlap relation among those rules. We also introduce a flexible conflict resolution method to enable a fine-grained conflict resolution with the help of several effective resolution strategies with respect to the risk assessment of protected networks and the intention of policy definition.

EXISTING SYSTEM:
Prior work on firewall optimization focuses on either intrafirewall optimization or interfirewall optimization within one administrative domain where the privacy of firewall policies is not a concern. Firewall policy management is a challenging task due to the complexity and interdependency of policy rules. This is further exacerbated by the continuous evolution of network and system environments. The process of configuring a firewall is tedious and error prone. Therefore, effective mechanisms and tools for policy management are crucial to the success of firewalls. Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, have been introduced with the goal of detecting policy anomalies. Firewall Policy Advisor only has the capability of detecting pairwise anomalies in firewall rules. FIREMAN can detect anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived from all preceding rules. However, FIREMAN also has limitations in detecting anomalies. For each firewall rule, FIREMAN only examines all preceding rules but ignores all subsequent rules when performing anomaly analysis. In addition, each analysis result from FIREMAN can only show that there is a misconfiguration between one rule and its preceding rules, but cannot accurately indicate all rules involved in an anomaly.

DISADVANTAGES OF EXISTING SYSTEM:
The number of rules in a firewall significantly affects its throughput. FIREMAN can detect anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived from all preceding rules. For each firewall rule, FIREMAN only examines all preceding rules but ignores all subsequent rules when performing anomaly analysis.

PROPOSED SYSTEM:
In this paper, we present a novel anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution. Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment associated with a unique set of firewall rules accurately indicates an overlap relation (either conflicting or redundant) among those rules. We also introduce a flexible conflict resolution method to enable a fine-grained conflict resolution with the help of several effective resolution strategies with respect to the risk assessment of protected networks and the intention of policy definition.

ADVANTAGES OF PROPOSED SYSTEM:
In our framework for conflict detection and resolution, conflicting segments are identified in the first step. Each conflicting segment is associated with a policy conflict and a set of conflicting rules. Also, the correlation relationships among conflicting segments are identified and conflict correlation groups are derived. Policy conflicts belonging to different conflict correlation groups can be resolved separately; thus the search space for resolving conflicts is reduced by the correlation process.

MODULES:
Correlation of Packet Space Segment
Action Constraint Generation
Rule Reordering
Data Package

MODULES DESCRIPTION:

Correlation of Packet Space Segment:
The major benefit of generating correlation groups for the anomaly analysis is that anomalies can be examined within each group independently, because all correlation groups are independent of each other. In particular, the search space for reordering conflicting rules in conflict resolution can be significantly lessened and the efficiency of resolving conflicts can be greatly improved.

Action Constraint Generation:
Once conflicts in a firewall policy are discovered and conflict correlation groups are identified, the risk assessment for conflicts is performed. The risk levels of conflicts are in turn utilized for both automated and manual strategy selections. The basic idea of automated strategy selection is that the risk level of a conflicting segment is used to directly determine the expected action taken for the network packets in the conflicting segment. If the risk level is very high, the expected action should deny packets, considering the protection of network perimeters.

Rule Reordering:
The solution for conflict resolution is that all action constraints for conflicting segments can be satisfied by reordering conflicting rules. If the conflicting rules can be placed in an order that satisfies all action constraints, this order must be the optimal solution for the conflict resolution.

Data Package:
When conflicts in a policy are resolved, the risk value of the resolved policy should be reduced and the availability of the protected network should be improved compared with the situation prior to conflict resolution; based on the threshold value, data will be received into the server.

SYSTEM CONFIGURATION:

H/W SYSTEM CONFIGURATION:
Processor - Pentium III
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA

S/W SYSTEM CONFIGURATION:
Operating System : Windows 95/98/2000/XP
Front End : Java

REFERENCE:
Fei Chen, Bezawada Bruhadeshwar, and Alex X. Liu, "Cross-Domain Privacy-Preserving Cooperative Firewall Optimization", IEEE/ACM Transactions on Networking, vol. 21, no. 3, June 2013.
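The pipeline described in the SYNOPSIS, PROPOSED SYSTEM and MODULES DESCRIPTION sections (rule-based segmentation of the packet space into disjoint segments, classification of each multi-rule segment as conflicting or redundant, conflict correlation groups, risk-driven action constraints and rule reordering within each group) worked through end to end in Python. This is an added example, not the authors' implementation and not code from the paper: the two-field packet space, the six-rule sample policy, the per-segment risk scores and the threshold of 5 are all constructed assumptions chosen to make the anomalies visible.

```python
"""Rule-based firewall policy segmentation and conflict resolution (constructed example)."""
from dataclasses import dataclass
from itertools import permutations, product


@dataclass(frozen=True)
class Rule:
    """A rule matches a box over two header fields, each an inclusive integer
    interval (small integers stand in for addresses and ports here)."""
    name: str
    src: tuple      # (lo, hi)
    dport: tuple    # (lo, hi)
    action: str     # "accept" or "deny"


def _elementary(intervals):
    """Cut a set of intervals into disjoint elementary intervals."""
    pts = sorted({p for lo, hi in intervals for p in (lo, hi + 1)})
    return [(a, b - 1) for a, b in zip(pts, pts[1:])]


def segment(rules):
    """Partition the packet space into disjoint segments. Each key is the
    tuple of rule names (in policy order) matching every packet in it."""
    segs = {}
    for s, p in product(_elementary([r.src for r in rules]),
                        _elementary([r.dport for r in rules])):
        cover = tuple(r.name for r in rules
                      if r.src[0] <= s[0] <= s[1] <= r.src[1]
                      and r.dport[0] <= p[0] <= p[1] <= r.dport[1])
        if cover:
            segs.setdefault(cover, []).append((s, p))
    return segs


def classify(rules, segs):
    """A segment matched by two or more rules is conflicting when the rules
    disagree on the action and redundant when they agree."""
    action = {r.name: r.action for r in rules}
    conflicting, redundant = {}, {}
    for cover, boxes in segs.items():
        if len(cover) > 1:
            target = conflicting if len({action[n] for n in cover}) > 1 else redundant
            target[cover] = boxes
    return conflicting, redundant


def correlation_groups(conflicting):
    """Union-find over rules sharing a conflicting segment: rules in different
    groups never interact, so each group can be resolved independently."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for cover in conflicting:
        for n in cover[1:]:
            parent[find(n)] = find(cover[0])
    groups = {}
    for n in list(parent):
        groups.setdefault(find(n), set()).add(n)
    return [frozenset(g) for g in groups.values()]


def action_constraints(conflicting, risk, threshold):
    """Automated strategy selection: a conflicting segment whose (constructed)
    risk score reaches the threshold must end up denied, otherwise accepted."""
    return {c: ("deny" if risk.get(c, 0) >= threshold else "accept") for c in conflicting}


def reorder(rules, constraints, groups):
    """Permute only the rules of each correlation group (keeping their slots)
    until the first-matching rule of every constrained segment carries the
    expected action. Returns the new rule order, or None if no order works."""
    action = {r.name: r.action for r in rules}
    order = [r.name for r in rules]
    for group in groups:
        slots = [i for i, n in enumerate(order) if n in group]
        local = {c: a for c, a in constraints.items() if group.issuperset(c)}
        for perm in permutations([order[i] for i in slots]):
            trial = order[:]
            for i, n in zip(slots, perm):
                trial[i] = n
            pos = {n: i for i, n in enumerate(trial)}
            if all(action[min(c, key=pos.__getitem__)] == want for c, want in local.items()):
                order = trial
                break
        else:
            return None
    return order


# Constructed sample policy: R1/R2 and R3/R4 conflict, R5 is redundant with R6.
POLICY = [
    Rule("R1", (1, 10), (80, 80), "deny"),
    Rule("R2", (1, 20), (80, 443), "accept"),
    Rule("R3", (5, 15), (22, 22), "accept"),
    Rule("R4", (1, 20), (22, 22), "deny"),
    Rule("R5", (30, 35), (80, 80), "accept"),
    Rule("R6", (30, 40), (80, 80), "accept"),
]
RISK = {("R1", "R2"): 3, ("R3", "R4"): 8}   # constructed risk scores per conflict


def resolve(policy=POLICY, risk=RISK, threshold=5):
    segs = segment(policy)
    conflicting, redundant = classify(policy, segs)
    groups = correlation_groups(conflicting)
    new_order = reorder(policy, action_constraints(conflicting, risk, threshold), groups)
    return new_order, conflicting, redundant, groups


if __name__ == "__main__":
    new_order, conflicting, redundant, groups = resolve()
    print("conflicting:", list(conflicting), "redundant:", list(redundant))
    print("groups:", [sorted(g) for g in groups], "reordered:", new_order)
```

Because the two conflicts fall into separate correlation groups, the search tries at most 2! orderings per group instead of 6! over the whole policy, which is the search-space reduction the ADVANTAGES section claims. The R5/R6 segment is reported as redundant rather than conflicting and is left out of the reordering entirely.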