Synthetic security policy generation via network traffic clustering

Taghrid Samak; Ehab Al-Shaer

doi:10.1145/1866423.1866433

Synthetic security policy generation via network traffic clustering

Taghrid Samak^*, Ehab Al-Shaer

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

Security policies are an essential part in the operations of any networking system. Test policies are always needed for conducting research and development. Such policies are required in various phases of research related to many problems as performance optimization, device testing, and configuration analysis. In this paper, we introduce a novel technique that utilizes trace repositories to generate traffic-driven firewall policies. An online clustering mechanism is designed and developed to infer rule criteria and policy structure from the traffic. The approach generates policies relevant to the environment while satisfying structural features specified by testing requirements. Clustering parameters are tuned to fit the need of the testing domain. High level structural features (policy size, distinct rules, rule specificity, etc) are mapped to algorithm input parameters. The technique evaluation shows the flexibility as well as the accuracy of the generated policies compared to actual administrator-defined policies.

Original language	English
Title of host publication	Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10
Pages	45-53
Number of pages	9
DOIs	https://doi.org/10.1145/1866423.1866433
State	Published - 2010
Externally published	Yes
Event	3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10 - Chicago, IL, United States Duration: 4 Jan 2010 → 8 Oct 2010

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10
Country/Territory	United States
City	Chicago, IL
Period	4/01/10 → 8/10/10

Keywords

Firewall
Policy generation
Synthetic policy
Test cases

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/1866423.1866433

Cite this

@inproceedings{dc12ec9611594ccaaac9047b3900c795,

title = "Synthetic security policy generation via network traffic clustering",

abstract = "Security policies are an essential part in the operations of any networking system. Test policies are always needed for conducting research and development. Such policies are required in various phases of research related to many problems as performance optimization, device testing, and configuration analysis. In this paper, we introduce a novel technique that utilizes trace repositories to generate traffic-driven firewall policies. An online clustering mechanism is designed and developed to infer rule criteria and policy structure from the traffic. The approach generates policies relevant to the environment while satisfying structural features specified by testing requirements. Clustering parameters are tuned to fit the need of the testing domain. High level structural features (policy size, distinct rules, rule specificity, etc) are mapped to algorithm input parameters. The technique evaluation shows the flexibility as well as the accuracy of the generated policies compared to actual administrator-defined policies.",

keywords = "Firewall, Policy generation, Synthetic policy, Test cases",

author = "Taghrid Samak and Ehab Al-Shaer",

year = "2010",

doi = "10.1145/1866423.1866433",

language = "English",

isbn = "9781450300889",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "45--53",

booktitle = "Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10",

note = "3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10 ; Conference date: 04-01-2010 Through 08-10-2010",

}

Samak, T & Al-Shaer, E 2010, Synthetic security policy generation via network traffic clustering. in Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10. Proceedings of the ACM Conference on Computer and Communications Security, pp. 45-53, 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10, Chicago, IL, United States, 4/01/10. https://doi.org/10.1145/1866423.1866433

Synthetic security policy generation via network traffic clustering. / Samak, Taghrid; Al-Shaer, Ehab.
Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10. 2010. p. 45-53 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Synthetic security policy generation via network traffic clustering

AU - Samak, Taghrid

AU - Al-Shaer, Ehab

PY - 2010

Y1 - 2010

N2 - Security policies are an essential part in the operations of any networking system. Test policies are always needed for conducting research and development. Such policies are required in various phases of research related to many problems as performance optimization, device testing, and configuration analysis. In this paper, we introduce a novel technique that utilizes trace repositories to generate traffic-driven firewall policies. An online clustering mechanism is designed and developed to infer rule criteria and policy structure from the traffic. The approach generates policies relevant to the environment while satisfying structural features specified by testing requirements. Clustering parameters are tuned to fit the need of the testing domain. High level structural features (policy size, distinct rules, rule specificity, etc) are mapped to algorithm input parameters. The technique evaluation shows the flexibility as well as the accuracy of the generated policies compared to actual administrator-defined policies.

AB - Security policies are an essential part in the operations of any networking system. Test policies are always needed for conducting research and development. Such policies are required in various phases of research related to many problems as performance optimization, device testing, and configuration analysis. In this paper, we introduce a novel technique that utilizes trace repositories to generate traffic-driven firewall policies. An online clustering mechanism is designed and developed to infer rule criteria and policy structure from the traffic. The approach generates policies relevant to the environment while satisfying structural features specified by testing requirements. Clustering parameters are tuned to fit the need of the testing domain. High level structural features (policy size, distinct rules, rule specificity, etc) are mapped to algorithm input parameters. The technique evaluation shows the flexibility as well as the accuracy of the generated policies compared to actual administrator-defined policies.

KW - Firewall

KW - Policy generation

KW - Synthetic policy

KW - Test cases

UR - http://www.scopus.com/inward/record.url?scp=78650151051&partnerID=8YFLogxK

U2 - 10.1145/1866423.1866433

DO - 10.1145/1866423.1866433

M3 - Conference contribution

AN - SCOPUS:78650151051

SN - 9781450300889

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 45

EP - 53

BT - Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10

T2 - 3rd ACM Workshop on Artificial Intelligence and Security, AISec '10, Co-located with CCS'10

Y2 - 4 January 2010 through 8 October 2010

ER -

Synthetic security policy generation via network traffic clustering

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this