Policy Anomaly Detection for Distributed IPv6 Firewalls

Cited by: 0
Authors
Lorenz, Claas [1, 2]
Schnor, Bettina [2]
Affiliations
[1] Genua Mbh, Kirchheim, Germany
[2] Potsdam Univ, Inst Computat Sci, Potsdam, Germany
Source
2015 12TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS (ICETE), VOL 4 | 2015
Keywords
Security; Firewalls; IPv6; Model-Checking; DISCOVERY;
DOI
Not available
Chinese Library Classification number
F [Economics];
Discipline classification code
02;
Abstract
Concerning the design of a security architecture, firewalls play a central role to secure computer networks. Facing the migration of IPv4 to IPv6, the setup of capable firewalls and network infrastructures will be necessary. The semantic differences between IPv4 and IPv6 make misconfigurations possible that may cause a lower performance or even security problems. For example, a cycle in a firewall configuration allows an attacker to craft network packets that may result in a Denial of Service. This paper investigates model checking techniques for automated policy anomaly detection. It shows that with a few adaptations existing approaches can be extended to support the IPv6 protocol with its specialities like the tremendously larger address space or extension headers. The performance is evaluated empirically by measurements with our prototype implementation ad6.
Pages: 210 - 219
Page count: 10
Related papers
50 in total
  • [1] Anomaly Detection in IPv4 and IPv6 Networks Using Machine Learning
    Vrat, Bhanu
    Aggarwal, Nikhil
    Venkatesan, S.
    2015 ANNUAL IEEE INDIA CONFERENCE (INDICON), 2015,
  • [2] FaVe: Modeling IPv6 Firewalls for Fast Formal Verification
    Lorenz, Claas
    Kiekheben, Sebastian
    Schnor, Bettina
    2017 INTERNATIONAL CONFERENCE ON NETWORKED SYSTEMS (NETSYS), 2017,
  • [3] Evaluating the performance of IPv6 with IPv4 and its Distributed Security Policy
    Vineeth, M. V.
    Rejimoan, R.
    2013 IEEE CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGIES (ICT 2013), 2013, : 59 - 63
  • [4] Distributed IPv6 multihoming support
    Choi, DH
    Kim, KI
    Kim, HJ
    Kim, SH
    APCC 2003: 9TH ASIA-PACIFIC CONFERENCE ON COMMUNICATION, VOLS 1-3, PROCEEDINGS, 2003, : 1097 - 1101
  • [5] IPv6 distributed security: Problem statement
    Vives, A
    Palet, J
    2005 SYMPOSIUM ON APPLICATIONS AND THE INTERNET WORKSHOPS, PROCEEDINGS, 2005, : 18 - 21
  • [6] Distributed Intrusion Detection and Research of Fragment Attack Based-on IPv6
    Yun, Ke
    Yan, Li
    COMPUTATIONAL MATERIALS SCIENCE, PTS 1-3, 2011, 268-270 : 1797 - +
  • [7] Anomaly detection of policies in distributed firewalls using data log analysis
    Azam Andalib
    Seyed Morteza Babamir
    The Journal of Supercomputing, 2023, 79 : 19473 - 19514
  • [8] A Conflict Detection Method for IPv6 Time-Based Firewall Policy
    Zhang, Xue
    Yin, Yi
    Liu, Wei
    Peng, Zhizhen
    Zhang, Guoqiang
    Wang, Yun
    Tateiwa, Yuichiro
    Takahashi, Naohisa
    2019 IEEE INTL CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, BIG DATA & CLOUD COMPUTING, SUSTAINABLE COMPUTING & COMMUNICATIONS, SOCIAL COMPUTING & NETWORKING (ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM 2019), 2019, : 435 - 442
  • [9] Anomaly detection of policies in distributed firewalls using data log analysis
    Andalib, Azam
    Babamir, Seyed Morteza
    JOURNAL OF SUPERCOMPUTING, 2023, 79 (17): : 19473 - 19514
  • [10] Design and Implementation of Distributed Firewall System for IPv6
    Lai, Yingxu
    Jiang, Guangzhi
    Li, Jian
    Yang, Zhen
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON COMMUNICATION SOFTWARE AND NETWORKS, 2009, : 428 - 432