Title: Dynamic Response in Distributed Firewall Systems
Published: February 2005
Authors: Mohamed Taibah, Ehab Al-Shaer and Hazem Hamed
Abstract: Firewalls are currently the prominent defense against network attacks. These devices can play a crucial role in preserving the wellbeing of commercial as well as personal networks. However, the correct configuration of firewalls is hardly a trivial task, especially in distributed environments. A variety of anomalies can affect the proper functioning of firewalls. This paper discusses possible firewall anomalies in the single and distributed firewall cases. A formalization of the rule anomaly discovery problem is presented. As an application of the anomaly discovery algorithm, we overview an autonomous defense system to counter Internet worms. General components of such system are presented in a general envisioned design. Several research problems are presented in the context of such system.
Full Paper: [pdf]