A bit vector-based diagnosis mechanism for firewall rule anomalies in IPv6 networking environment

Chi Shih Chao, Stephen J.H. Yang

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Firewalls are considered by some to be the most essential devices for safeguarding networks. Misconfigured firewall rules often lead to rule anomalies, which network attacks can easily exploit to paralyze the managed network. However, finding such rule anomalies is no easy task because it is time-consuming, laborious, and strenuous. Worse, with the massive and increasing deployment of IPv6 in the current Internet, anomaly diagnosis for firewall rules becomes even harder. In this paper, a bit vector-based anomaly diagnosis approach is proposed and realized, which can pinpoint anomalies among IPv6 firewall rules not only effectively, but also much more efficiently and more easily. A visualized platform for our IPv6 firewall rule anomaly diagnosis has been implemented, and comprehensive performance evaluations on anomaly diagnosis have been conducted, in which our developed approach shows its excellence and feasibility.

Original language: English
Pages (from-to): 867-876
Number of pages: 10
Journal: Journal of Internet Technology
Volume: 22
Issue number: 4
State: Published - 2021

Keywords

  • BST-based vectorization
  • Diagnosis visualization
  • Rule anomalies in IPv6 firewalls
  • Rule anomaly diagnosis
  • System usability
