A Multi-Agent Framework for Anomalies Detection on Distributed Firewalls Using Data Mining Techniques

The integration of agents and data mining has emerged as a promising area for distributed problem solving. Applying this integration to distributed firewalls facilitates the anomaly detection process. In this chapter, we present a set of algorithms and mining techniques to analyse, manage and detect anomalies in the policy rules of distributed firewalls using the multi-agent approach. First, for each firewall, a static agent executes a set of data mining techniques to generate a new, more efficient set of firewall policy rules. Then, a mobile agent exploits these optimized rule sets to detect possible anomalies within a single firewall (intra-firewall anomalies) or between firewalls (inter-firewall anomalies). An experimental case study is presented to demonstrate the usefulness of our approach.
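The abstract describes two checks but does not define what an "anomaly" is. The following added example (not code from the chapter or its authors) shows the kind of rule-relationship analysis the two agents would run, using the anomaly classes commonly used in firewall-policy analysis (Al-Shaer et al.): shadowing, redundancy, generalization and correlation between rules of one firewall, and shadowing/spuriousness between an upstream and a downstream firewall on the same path. The rule format, the two constructed policies and the pairwise (rather than data-mined) comparison are assumptions made for this illustration; `intra_anomalies` stands in for the per-firewall check and `inter_anomalies` for the mobile agent's cross-firewall comparison, which assumes the agent visits firewalls in path order (upstream first).

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    order: int
    proto: str          # 'tcp', 'udp' or 'any'
    src: IPv4Network
    dst: IPv4Network
    dport: tuple        # inclusive (low, high) destination-port range
    action: str         # 'accept' or 'deny'


def parse_rule(order, line):
    """Parse one rule in the constructed format '<proto> <src> <dst> <dport> <action>'."""
    proto, src, dst, dport, action = line.split()
    if dport == "any":
        ports = (0, 65535)
    elif "-" in dport:
        lo, hi = dport.split("-")
        ports = (int(lo), int(hi))
    else:
        ports = (int(dport), int(dport))
    return Rule(order, proto, ip_network(src, strict=False),
                ip_network(dst, strict=False), ports, action)


def parse_policy(text):
    """Ordered rule list; first match wins, as in a typical packet filter."""
    return [parse_rule(i + 1, l) for i, l in enumerate(text.strip().splitlines())]


def _proto_subset(a, b): return b == "any" or a == b
def _proto_overlap(a, b): return "any" in (a, b) or a == b
def _ports_subset(a, b): return b[0] <= a[0] and a[1] <= b[1]
def _ports_overlap(a, b): return a[0] <= b[1] and b[0] <= a[1]


def is_subset(r1, r2):
    """True if every packet matched by r1 is also matched by r2."""
    return (_proto_subset(r1.proto, r2.proto) and r1.src.subnet_of(r2.src)
            and r1.dst.subnet_of(r2.dst) and _ports_subset(r1.dport, r2.dport))


def overlaps(r1, r2):
    """True if some packet is matched by both rules."""
    return (_proto_overlap(r1.proto, r2.proto) and r1.src.overlaps(r2.src)
            and r1.dst.overlaps(r2.dst) and _ports_overlap(r1.dport, r2.dport))


def intra_anomalies(rules):
    """Anomalies inside one firewall: each rule ry is compared with every earlier rx."""
    findings = []
    for i, ry in enumerate(rules):
        for rx in rules[:i]:
            if is_subset(ry, rx):            # ry can never match a packet rx did not
                kind = "shadowing" if rx.action != ry.action else "redundancy"
                findings.append((kind, rx.order, ry.order))
            elif is_subset(rx, ry) and rx.action != ry.action:
                findings.append(("generalization", rx.order, ry.order))
            elif overlaps(rx, ry) and rx.action != ry.action:
                findings.append(("correlation", rx.order, ry.order))
    return findings


def inter_anomalies(upstream, downstream):
    """Anomalies between two firewalls on one path (simplified pairwise check).

    For a downstream rule rd, the first upstream rule overlapping it decides all of
    rd's traffic only when rd lies inside that rule; other cases are skipped here.
    """
    findings = []
    for rd in downstream:
        ru = next((r for r in upstream if overlaps(r, rd)), None)
        if ru is None or not is_subset(rd, ru):
            continue
        if rd.action == "accept" and ru.action == "deny":
            findings.append(("inter-shadowing", ru.order, rd.order))    # rd never sees traffic
        elif rd.action == "deny" and ru.action == "accept":
            findings.append(("inter-spuriousness", ru.order, rd.order))  # upstream lets unwanted traffic through
    return findings


# Constructed sample policies (not from the chapter's case study).
UPSTREAM = parse_policy("""
tcp 10.1.0.0/16 172.16.0.0/16 80 accept
tcp 10.1.1.0/24 172.16.0.0/16 80 deny
tcp 0.0.0.0/0 172.16.5.0/24 25 deny
udp 10.0.0.0/8 172.16.0.0/16 53 accept
udp 10.2.0.0/16 172.16.0.0/16 53 accept
""")

DOWNSTREAM = parse_policy("""
tcp 10.0.0.0/8 172.16.5.0/24 25 accept
tcp 10.1.0.0/16 172.16.0.0/16 80 deny
udp 10.0.0.0/8 172.16.0.0/16 53 accept
""")

if __name__ == "__main__":
    print("upstream intra:", intra_anomalies(UPSTREAM))
    print("downstream intra:", intra_anomalies(DOWNSTREAM))
    print("inter:", inter_anomalies(UPSTREAM, DOWNSTREAM))
```

On the sample policies the upstream firewall has a shadowed deny (rule 2 is fully covered by the accepting rule 1) and a redundant accept (rule 5 inside rule 4), and across the path the downstream SMTP accept is shadowed by the upstream deny while the downstream HTTP deny is made spurious by the upstream accept. A real deployment would run the intra check on each firewall's optimized rule set and the inter check on every upstream/downstream pair along a path.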
