
    Firewalls Policies Based on Software Defined Networking: A survey

    Software-Defined Networking (SDN) introduces granularity, visibility and flexibility to networking by separating the control logic from the networking devices. SDN programmatically modifies the functionality and behaviour of network devices. It separates the control plane from the data plane and thus provides centralized control. Although SDN provides better performance, there are security issues that need to be taken care of, including firewalls, monitoring applications and intrusion detection systems (IDS). Therefore, this research work reviews the related approaches that have been proposed, identifying their firewall scope, their practicability, and their advantages and drawbacks in relation to SDN. This paper describes firewall policies as the fourth new security challenge.
    Keywords: Software defined networking, Architecture, OpenFlow, Firewalls, Anomaly detection

    Firewall Rule Set Analysis and Visualization

    A firewall is a necessary component for network security and, just like any regular equipment, it requires maintenance. To keep up with changing cyber security trends and threats, firewall rules are modified frequently. Over time such modifications increase the complexity, size and verbosity of firewall rules. As the rule set grows in size, adding and modifying rules becomes a tedious task. This discourages network administrators from reviewing the work done by previous administrators before and after applying any changes. As a result, the quality and efficiency of the firewall go down. Modification and addition of rules without knowledge of the previous rules creates anomalies such as shadowing and rule redundancy. Anomalous rule sets not only limit the efficiency of the firewall but in some cases create a hole in the perimeter security. Detection of anomalies has been studied for a long time and some well-established procedures have been implemented and tested, but they all share a common problem: visualizing the results. When it comes to visualization of firewall anomalies, the results do not fit traditional matrix, tree or sunburst representations. This research targets the anomaly detection and visualization problem. It analyzes and represents firewall rule anomalies in innovative ways such as hive plots and dynamic slices. Such graphical representations of rule anomalies are useful in understanding the state of a firewall, and they help network administrators find and fix the anomalous rules.
    Dissertation/Thesis: Masters Thesis, Computer Science, 201

    Towards Optimization of Anomaly Detection Using Autonomous Monitors in DevOps

    Continuous practices, including continuous integration, continuous testing, and continuous deployment, are the foundation of many software development initiatives. Another very popular industrial concept, DevOps, promotes automation, collaboration, and monitoring to further empower development processes. The scope of this thesis is continuous monitoring and the data collected through continuous measurement in operations, as it may carry very valuable details on the health of the software system.
    Aim: We aim to explore and improve existing solutions for managing monitoring data in operations, instantiated in a specific industry context. Specifically, we collaborated with a Swedish company responsible for ticket management and sales in public transportation to identify challenges in the information flow from operations to development and to explore approaches for improved data management inspired by state-of-the-art machine learning (ML) solutions.
    Research approach: Our research activities span from practice to theory and from the problem to the solution domain, including problem conceptualization, solution design, instantiation, and empirical validation. This complies with the main principles of the design science paradigm, which is mainly used to frame problem-driven studies aiming to improve specific areas of practice.
    Results: We present identified problem instances in the case company, considering the general goal of better incorporating feedback from operations into development, and a corresponding solution design for reducing information overflow, e.g. alert flooding, by introducing a new element, a smart filter, into the feedback loop. We propose a simpler version of the solution design based on ML decision rules as well as a more advanced deep learning (DL) alternative. We have implemented and partially evaluated the former solution design, while for the DL version of the smart filter, a kind of autonomous monitor, we present the plan for implementation and optimization.
    Conclusion: We propose using a smart filter to tighten and improve feedback from operations to development. The smart filter uses operations data to discover anomalies and to report alerts on strange and unusual system behaviour in a timely manner. Full-scale implementation and empirical evaluation of the smart filter based on the DL solution will be carried out in future work.

    Predicting Network Attacks Using Ontology-Driven Inference

    Graph knowledge models and ontologies are very powerful modeling and reasoning tools. We propose an effective approach to modeling network attacks and attack prediction, which plays an important role in security management. The goals of this study are: first, to model network attacks, their prerequisites and their consequences using knowledge representation methods, in order to provide description logic reasoning and inference over attack domain concepts; and second, to propose an ontology-based system that predicts potential attacks using inference over the information provided by sensory inputs. We generate our ontology and evaluate the corresponding methods using the CAPEC, CWE, and CVE hierarchical datasets. Results from experiments show significant capability improvements compared to traditional hierarchical and relational models. The proposed method also reduces false alarms and improves intrusion detection effectiveness.
    Comment: 9 pages

    A systematic review of data quality issues in knowledge discovery tasks

    The volume of data is growing because organizations continuously capture collective amounts of data to achieve a better decision-making process. The most fundamental challenge is to explore these large volumes of data and extract useful knowledge for future actions through knowledge discovery tasks; nevertheless, much of this data has poor quality. We present a systematic review of the data quality issues in knowledge discovery tasks and a case study applied to the agricultural disease known as coffee rust.