HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis
Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vul...
Main Authors: | Hyunjung Lee, Suryeon Lee, Kyounggon Kim, Huy Kang Kim |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2024-01-01 |
Series: | IEEE Access |
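Subjects: | Firewall policy visualization; policy analysis; data visualization; rule anomaly detection; distributed firewall rule anomaly detection |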
Online Access: | https://ieeexplore.ieee.org/document/10373840/ |
_version_ | 1797289013247213568 |
---|---|
author | Hyunjung Lee, Suryeon Lee, Kyounggon Kim, Huy Kang Kim |
author_sort | Hyunjung Lee |
collection | DOAJ |
description | Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vulnerabilities can be exploited by attackers, providing them with pathways into internal systems. Therefore, firewall policies must be meticulously applied and managed. Given the significant ramifications of firewall policies, they must be continuously managed with high importance. As the number of policies increases and the amount of information to be processed grows, the process becomes complex, and there are limitations to managing policies from a human cognitive perspective. An increase in unmanaged misuse policies can inadvertently introduce security risks through unintended allowance policies. In the case of large-scale networks operating multiple firewalls, a different form of misuse policy check and management is required compared to managing a single firewall policy. The proposed tool, HSViz-II, not only visualizes misuse of a single firewall policy but also visualizes four misuse cases in a distributed firewall environment, providing a detailed breakdown based on Octets. It displays the distribution of anomalous policies by dividing the Source IP into Octet Layers. For the four anomalous policy cases, it offers five views based on dividing the Source IP into Octet Layers and three overall views for upstream firewall, downstream firewall, and both, totaling 60 views. The processing speed for each function was measured using four sets of actual upstream and downstream firewall policies, comprising eight different firewall policies in total. Firewall operators can use this tool to grasp the distribution status of misuse policies in single and multiple firewalls and check the status of misuse policies by Octet. By offering a method for firewall operators to accurately find meaningful information, this paper proposes a firewall misuse policy visualization system in a distributed firewall environment to help reduce the risk of asset exposure to cyber threats for enterprises. The HSViz-II tool can be found on the web site: https://youtu.be/jvR8ZY2uapQ |
first_indexed | 2024-03-07T18:57:58Z |
format | Article |
id | doaj.art-0946ff25af354fe6abc6ae79fe23e978 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-07T18:57:58Z |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-0946ff25af354fe6abc6ae79fe23e978; 2024-03-02T00:01:16Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2024-01-01; vol. 12, pp. 936-948; DOI 10.1109/ACCESS.2023.3346922; 10373840; HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis; Hyunjung Lee [0] (https://orcid.org/0000-0002-4155-8073), Suryeon Lee [1], Kyounggon Kim [2], Huy Kang Kim [3] (https://orcid.org/0000-0002-0760-8807); Korea Securities Computer Corporation (KOSCOM), Seoul, South Korea; Department of CyberSecurity, Seoul Women’s University, Nowon, South Korea; Center of Excellence in Cybercrime and Digital Forensics (CoECDF), Naif Arab University for Security Sciences, Riyadh, Saudi Arabia; School of Cybersecurity, Korea University, Seongbuk, South Korea |
title | HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis |
topic | Firewall policy visualization; policy analysis; data visualization; rule anomaly detection; distributed firewall rule anomaly detection |
url | https://ieeexplore.ieee.org/document/10373840/ |