A Model for Strengthening Accuracy in Detecting the Anomalous Firewall Rules in Small Network (SADAR)

Abstract

The firewall policy rules is a core technology that has an important role in the network security, through controlling the traffic with income and outgoing the packets over the network. Moreover, the management of the firewall policy rules is a very complicated function and error prone. However, the poor management of the firewall policy rules work on vulnerability the network security and this is the main reasons to cause conflict between two rules or more. The conflict between the rules it called the anomalous firewall policy rules. There are five type of anomalous rules namely (shadowing anomalous, generalization anomalous, correlation anomalous, redundancy anomalous and irrelevance anomalous), each type of anomalous rules has a different degree of overlapping complexity between the rules. We built a model for strengthening accuracy in detecting the anomalous firewall rules in a small network, supported in the detection four type of anomalous rules namely (shadowing, generalization, correlation and redundancy anomalous). We applied different mechanism in matching process, through divided the IP address to four segments in array and matching every element in segment position with other element segment position in the same position and use the subnet mask to select the size of IP range. We applied sixteen different experiment with different dataset sizes in detection the anomalous rules, and we used the confusion matrix in evaluate the result according to overall accuracy, and was the average of previous experiments according to the overall accuracy is 92.71% . We believe that the result was acceptable because not there are any results in related research to compare with it.