
Detection of abnormalities in the semantic rules for filtering firewalls


Abstract

Firewalls are physical or logical computing devices that provide the interface between two or more networks in order to control the flow of TCP/IP packets between them. To do so, they rely on a list of filtering rules that applies the security policy. However, due to configuration errors, the list of filtering rules can contain anomalies. This patent provides a new classification of anomalies among filtering rules: it distinguishes syntactic anomalies from semantic anomalies. A syntactic anomaly is defined as an error in the filtering rules that produces an inconsistency or conflict between the firewall's response and the required security policy. For semantic anomalies, the invention defines and demonstrates the existence of security logic flaws, which may reside in a single filtering rule or in a combination of several rules, and which an intruder can exploit to mount attacks using legitimate data flows. Detecting semantic anomalies is therefore a crucial and urgent task. In addition, it strengthens security at the network perimeter, blocks the greatest possible number of attack attempts based on TCP/IP packet manipulation, lightens the work of intrusion sensors and probes, balances the load among all the security systems deployed and, therefore, allows higher throughput.
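As an added example (not the patent's own method; the rules, flows and policy below are constructed sample data), a first-match rule model that flags two of the problems the abstract describes: a rule that an earlier rule makes unreachable or redundant, and flows for which the firewall's actual response disagrees with what the security policy requires.

```python
from ipaddress import ip_address, ip_network
# Constructed sample data, not from the patent. Rules are first-match:
# (action, source net, destination net, protocol, (low port, high port)).
def rule(action, src, dst, proto, ports):
    return {"action": action, "src": ip_network(src), "dst": ip_network(dst),
            "proto": proto, "ports": ports}

RULES = [
    rule("allow", "10.0.0.0/8", "192.168.1.10/32", "tcp", (80, 80)),
    rule("deny", "10.0.1.0/24", "192.168.1.10/32", "tcp", (80, 80)),    # can never fire
    rule("allow", "10.0.0.0/8", "192.168.1.0/24", "any", (1, 65535)),
    rule("allow", "10.0.0.0/8", "192.168.1.10/32", "tcp", (443, 443)),  # already covered
]

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (inner["src"].subnet_of(outer["src"]) and inner["dst"].subnet_of(outer["dst"])
            and outer["proto"] in ("any", inner["proto"])
            and outer["ports"][0] <= inner["ports"][0] <= inner["ports"][1] <= outer["ports"][1])

def ordering_anomalies(rules):
    """(kind, earlier, later) for each later rule fully covered by an earlier one:
    'shadowed' if the actions differ (the response contradicts the later rule), else 'redundant'."""
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                kind = "redundant" if earlier["action"] == later["action"] else "shadowed"
                findings.append((kind, j, i))
                break
    return findings

def decide(rules, flow, default="deny"):
    """Firewall response for flow = (src ip, dst ip, proto, dst port); first match wins."""
    src, dst, proto, port = flow
    for r in rules:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and r["proto"] in ("any", proto) and r["ports"][0] <= port <= r["ports"][1]):
            return r["action"]
    return default

def policy_conflicts(rules, policy):
    """Flows whose firewall response differs from the action the security policy requires."""
    return [(flow, want, decide(rules, flow)) for flow, want in policy.items()
            if decide(rules, flow) != want]

# Required policy for three test flows; the deny for 10.0.1.0/24 is what rule 1 intended.
POLICY = {("10.0.1.5", "192.168.1.10", "tcp", 80): "deny",
          ("10.0.5.5", "192.168.1.10", "tcp", 80): "allow",
          ("172.16.0.1", "192.168.1.10", "tcp", 80): "deny"}
```

The flow-by-flow policy check only reports disagreements for the flows you enumerate; covering the whole address and port space requires comparing the rule set against the policy symbolically rather than by sampling.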
