| Abstract: |
Firewalls are currently the prominent defense against network attacks. These
devices can play a crucial role in preserving the wellbeing of commercial as
well as personal networks. However, the correct configuration of firewalls is
hardly a trivial task, especially in distributed environments. A variety of
anomalies can affect the proper functioning of firewalls. This paper discusses
possible firewall anomalies in the single and distributed firewall cases. A
formalization of the rule anomaly discovery problem is presented. As an
application of the anomaly discovery algorithm, we overview an autonomous
defense system to counter Internet worms. General components of such system are
presented in a general envisioned design. Several research problems are
presented in the context of such system. |