An Approach to the Generalization of Firewall Rules

Modern firewalls are becoming complex and anomalies may exist in their rule sets. Security log data, such as firewall logs and logs generated by intrusion detection systems, could provide useful information for the update and addition of existing firewall rule sets. In this paper, we focus on the development of an effective mechanism for firewall rule generation, and proposed an algorithm called Domain-Specific Rule Generation (DSRG) algorithm. The algorithm integrates domain-specific network configuration information to help with the generalization of firewall rules based on security log data. These generalized rules could help with the anomaly check or used as an addition for existing rule sets.