Firewall Policy Reconnaissance: Techniques and Analysis

Authors: Muhammad Qasim Ali, Ehab Al-Shaer, Taghrid Samak

DOI: 10.1109/TIFS.2013.2296874

Abstract: In the past decade, scanning has been widely used as a reconnaissance technique to gather critical network information to launch a follow-up attack. To combat, numerous intrusion detectors have been proposed. However, methodologies shifted to the next-generation paradigm to be evasive. The techniques are intelligent and stealthy. These use low volume packet sequence calculation for victim selection more Previously, we proposed models for firewall policy that set a bound on learning accuracy as well as put minimum requirements on the number of probes. We presented reconstructing by intelligently choosing probing packets based on responses previous In this paper, we show statistical analysis of these and discuss their evasiveness along with improvement. First, present previously two followed current detectors. Based on the analysis, these still exhibit a pattern and thus can be detected. We then develop a hybrid approach to maximize the benefit by combining heuristics.

References (24)
Ayesha Binte Ashfaq, Maria Joseph Robert, Asma Mumtaz, Muhammad Qasim Ali, Ali Sajjad, Syed Ali Khayam. A Comparative Evaluation of Anomaly Detectors under Portscan Attacks. Recent Advances in Intrusion Detection, pp. 351-371 (2008). DOI: 10.1007/978-3-540-87403-4_19
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, vol. 10, pp. 105-136 (2002). DOI: 10.3233/JCS-2002-101-205
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. IEEE Symposium on Security and Privacy, pp. 211-225 (2004). DOI: 10.1109/SECPRI.2004.1301325
Ehab S. Al-Shaer, Hazem H. Hamed. Firewall Policy Advisor for anomaly discovery and rule editing. Integrated Network Management, pp. 17-30 (2003). DOI: 10.1007/978-0-387-35674-7_2
Avishai Wool. Architecting the Lumeta firewall analyzer. USENIX Security Symposium, pp. 7-7 (2001).
Taghrid Samak, Adel El-Atawy, Ehab Al-Shaer. Towards network security policy generation for configuration analysis and testing. Proceedings of the 2nd ACM Workshop on Assurable and Usable Security Configuration, pp. 45-52 (2009). DOI: 10.1145/1655062.1655072
Adel El-Atawy, Taghrid Samak, Zein Wali, Ehab Al-Shaer, Frank Lin, Christopher Pham, Sheng Li. An Automated Framework for Validating Firewall Policy Enforcement. IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 151-160 (2007). DOI: 10.1109/POLICY.2007.5
Mark Allman, Vern Paxson, Jeff Terrell. A brief history of scanning. Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement - IMC '07, pp. 77-82 (2007). DOI: 10.1145/1298306.1298316
Seny Kamara, Sonia Fahmy, Eugene Schultz, Florian Kerschbaum, Michael Frantzen. Analysis of vulnerabilities in Internet firewalls. Computers & Security, vol. 22, pp. 214-232 (2003). DOI: 10.1016/S0167-4048(03)00310-9
Taghrid Samak, Adel El-Atawy, Ehab Al-Shaer. FireCracker: A Framework for Inferring Firewall Policies using Smart Probing. International Conference on Network Protocols, pp. 294-303 (2007). DOI: 10.1109/ICNP.2007.4375860