BibTex RIS Cite

YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ

Year 2014, Volume: 29 Issue: 4, 0 - , 31.12.2014

O. Ayhan Erdem Ramazan Kocaoğlu

https://doi.org/10.17341/gummfd.18495
Cited By: 1

Abstract

Bu makalede, geleneksel güvenlik duvarı mimarilerinden tamamen farklı, yeni bir güvenlik duvarı mimarisi geliştirilmiştir. Geliştirilen mimari DIFA (Dynamic Intelligent Firewall Architect) olarak adlandırılmıştır. DIFA kendi kendisini yönetebilme temeline dayanan bir güvenlik duvarı mimarisidir. DIFA, üzerinden geçen trafiğin analizini yaparak ve yerel alan ağını tarayarak erişim kurallarını kendisi oluşturmaktadır.  Koruduğu ağda yapısal bir değişiklik oluştuğunda bunu tespit ederek gerekli yapılandırmaları kendisi yapabilmektedir. Ağ yöneticisine sadece kontrol amaçlı ihtiyaç duymaktadır. DIFA’nın verimliliği gerçek ağ ortamları kullanılarak test edilmiştir. Elde edilen sonuçlar, DIFA’nın kural oluşturma işlemini başarılı bir şekilde yapabildiğini göstermiştir.

Keywords

DIFA ağ güvenliği güvenlik duvarı erişim kontrol kuralları

References

  • Davy, S., Jennings, B., Strassner, J., “The Policy continuum-Policy authoring and conflict analysis”, Computer Communications, Cilt 31, No 13, 2981-2995, 2008.
  • Lee, S., Kim, H.S., “End-user perspectives of Internet connectivity problems”, Computer Networks, Cilt 56, No 6, 1710-1722, 2012.
  • Alshammari, R., Zincir-Heywood, A.N., “Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?”, Computer Networks, Cilt 55, No 6, 1326-1350, 2011.
  • Botta, A., Dainotti, A., Pescape, A., “A tool for the generation of realistic network workload for emerging networking scenarios”, Computer Networks, Cilt 56, No 15, 3531-3547, 2012.
  • Gouda, M.G., Liu, A.X., “Structured firewall design”, Computer Networks, Cilt 51, No 4, 1106-1120, 2007.
  • Chao, C.S., Yang, S.J., “A novel three-tiered visualization approach for firewall rule validation”, Journal of Visual Languages and Computing, Cilt 22, No 6, 401-414, 2011.
  • Liu, A.X., “Firewall policy verification and troubleshooting”, Computer Networks, Cilt 53, No 16, 2800-2809, 2009.
  • Pozo, S., Ceballos, R., Gasca, R.M., “Model-Based Development of firewall rule sets: Diagnosing model inconsistencies”, Information and Software Technology, Cilt 51, No 5, 894-915, 2009.
  • Pozo, S., Gasca, R.M., Reina-Quintero A.M, Varela-Vaca A.J, “CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework”, The Journal of Systems and Software, Cilt 85, No 2, 425-457, 2012.
  • Sreelaja, N.K., Pai, G.A.V., “Ant Colony Optimization based approach for efficient packet filtering in firewall”, Applied Soft Computing, Cilt 10, No 4, 1222-1236, 2010.
  • Kim, S., Kim, S., Geuk, L., “Structure design and test of enterprise security management system with advanced internal security”, Future Generation Computer Systems, Cilt 25, No 3, 358-363, 2009.
  • Abdulmohsin, I.M.A., “Techniques and algorithms for access control list optimization”, Computers and Electrical Engineering, Cilt 35, No 4, 556-566, 2009.
  • Lee, S., Wong, T., Kim, H.S., “Improving manageability through reorganization of routing-policy configurations”, Computer Networks, Cilt 56, No 14, 3192-3205, 2012.
  • Liao, Q., Blaich, A., VanBruggen, D., Striegel, A., “Managing networks through context: Graph visualization and exploration”, Computer Networks, Cilt 54, No 16, 2809-2824, 2010.
  • Liao, H., Lin, C.R., Lin, Y., Tung, K., “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications, Cilt 36, No 1, 16-24, 2013.
  • Njogu, H.W., Jiawei, L., Kiere, J.N., Hanyurwimfura D., “A comprehensive vulnerability based alert management approach for large networks”, Future Generation Computer Systems, Cilt 29, No 1, 27-45, 2013.
  • Zhang, S., Li, J., Chen, X., Fan, L., “Build network attack graph for alert causal correlation”, Computers&Security, Cilt 27, No 5-6, 188-196, 2008.
  • Morin, B., Me, L., Debar, H., Ducasse, M., “A logic-based model to support alert correlation in intrusion detection”, Information Fusion, Cilt 10, No 4, 285-299, 2009.
  • Li, J., Li, B., Wo, T., Hu, C., Huia, J., Lui, L., Lam, K.P., “CyberGuarder: A virtualization security assurance architecture for green cloud computing”, Future Generation Computer Systems, Cilt 28, No 2, 379-390, 2012.
  • Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M., “A survey of intrusion detection techniques in Cloud”, Journal of Network and Computer Applications, Cilt 36, No 1, 42-57, 2013.
  • Patel, A., Taghavi, M., Bakhtiyari, K., Junior, J.C., “An intrusion detection and prevention system in cloud computing: A systematic review”, Journal of Network and Computer Applications, Cilt 36, No 1, 25-41, 2013.
  • Razzag, A., Hur, A., Shahbaz, S., Masood, M., Ahmad, H.F., “Critical Analysis on Web Application Firewall Solutions”, IEEE Eleventh International Symposium on Autonomous Decentralized Systems, Mexico City, Mexico, 1-6, 6-8 Mart 2013.

Year 2014, Volume: 29 Issue: 4, 0 - , 31.12.2014

O. Ayhan Erdem Ramazan Kocaoğlu

https://doi.org/10.17341/gummfd.18495
Cited By: 1

Abstract

References

  • Davy, S., Jennings, B., Strassner, J., “The Policy continuum-Policy authoring and conflict analysis”, Computer Communications, Cilt 31, No 13, 2981-2995, 2008.
  • Lee, S., Kim, H.S., “End-user perspectives of Internet connectivity problems”, Computer Networks, Cilt 56, No 6, 1710-1722, 2012.
  • Alshammari, R., Zincir-Heywood, A.N., “Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?”, Computer Networks, Cilt 55, No 6, 1326-1350, 2011.
  • Botta, A., Dainotti, A., Pescape, A., “A tool for the generation of realistic network workload for emerging networking scenarios”, Computer Networks, Cilt 56, No 15, 3531-3547, 2012.
  • Gouda, M.G., Liu, A.X., “Structured firewall design”, Computer Networks, Cilt 51, No 4, 1106-1120, 2007.
  • Chao, C.S., Yang, S.J., “A novel three-tiered visualization approach for firewall rule validation”, Journal of Visual Languages and Computing, Cilt 22, No 6, 401-414, 2011.
  • Liu, A.X., “Firewall policy verification and troubleshooting”, Computer Networks, Cilt 53, No 16, 2800-2809, 2009.
  • Pozo, S., Ceballos, R., Gasca, R.M., “Model-Based Development of firewall rule sets: Diagnosing model inconsistencies”, Information and Software Technology, Cilt 51, No 5, 894-915, 2009.
  • Pozo, S., Gasca, R.M., Reina-Quintero A.M, Varela-Vaca A.J, “CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework”, The Journal of Systems and Software, Cilt 85, No 2, 425-457, 2012.
  • Sreelaja, N.K., Pai, G.A.V., “Ant Colony Optimization based approach for efficient packet filtering in firewall”, Applied Soft Computing, Cilt 10, No 4, 1222-1236, 2010.
  • Kim, S., Kim, S., Geuk, L., “Structure design and test of enterprise security management system with advanced internal security”, Future Generation Computer Systems, Cilt 25, No 3, 358-363, 2009.
  • Abdulmohsin, I.M.A., “Techniques and algorithms for access control list optimization”, Computers and Electrical Engineering, Cilt 35, No 4, 556-566, 2009.
  • Lee, S., Wong, T., Kim, H.S., “Improving manageability through reorganization of routing-policy configurations”, Computer Networks, Cilt 56, No 14, 3192-3205, 2012.
  • Liao, Q., Blaich, A., VanBruggen, D., Striegel, A., “Managing networks through context: Graph visualization and exploration”, Computer Networks, Cilt 54, No 16, 2809-2824, 2010.
  • Liao, H., Lin, C.R., Lin, Y., Tung, K., “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications, Cilt 36, No 1, 16-24, 2013.
  • Njogu, H.W., Jiawei, L., Kiere, J.N., Hanyurwimfura D., “A comprehensive vulnerability based alert management approach for large networks”, Future Generation Computer Systems, Cilt 29, No 1, 27-45, 2013.
  • Zhang, S., Li, J., Chen, X., Fan, L., “Build network attack graph for alert causal correlation”, Computers&Security, Cilt 27, No 5-6, 188-196, 2008.
  • Morin, B., Me, L., Debar, H., Ducasse, M., “A logic-based model to support alert correlation in intrusion detection”, Information Fusion, Cilt 10, No 4, 285-299, 2009.
  • Li, J., Li, B., Wo, T., Hu, C., Huia, J., Lui, L., Lam, K.P., “CyberGuarder: A virtualization security assurance architecture for green cloud computing”, Future Generation Computer Systems, Cilt 28, No 2, 379-390, 2012.
  • Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M., “A survey of intrusion detection techniques in Cloud”, Journal of Network and Computer Applications, Cilt 36, No 1, 42-57, 2013.
  • Patel, A., Taghavi, M., Bakhtiyari, K., Junior, J.C., “An intrusion detection and prevention system in cloud computing: A systematic review”, Journal of Network and Computer Applications, Cilt 36, No 1, 25-41, 2013.
  • Razzag, A., Hur, A., Shahbaz, S., Masood, M., Ahmad, H.F., “Critical Analysis on Web Application Firewall Solutions”, IEEE Eleventh International Symposium on Autonomous Decentralized Systems, Mexico City, Mexico, 1-6, 6-8 Mart 2013.
There are 22 citations in total.

Details

Primary Language Turkish
Journal Section Makaleler
Authors

O. Ayhan Erdem

Ramazan Kocaoğlu

Publication Date December 31, 2014
Submission Date December 31, 2014
Published in Issue Year 2014 Volume: 29 Issue: 4

Cite

APA Erdem, O. A., & Kocaoğlu, R. (2014). YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, 29(4). https://doi.org/10.17341/gummfd.18495
AMA Erdem OA, Kocaoğlu R. YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ. GUMMFD. December 2014;29(4). doi:10.17341/gummfd.18495
Chicago Erdem, O. Ayhan, and Ramazan Kocaoğlu. “YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 29, no. 4 (December 2014). https://doi.org/10.17341/gummfd.18495.
EndNote Erdem OA, Kocaoğlu R (December 1, 2014) YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 29 4
IEEE O. A. Erdem and R. Kocaoğlu, “YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ”, GUMMFD, vol. 29, no. 4, 2014, doi: 10.17341/gummfd.18495.
ISNAD Erdem, O. Ayhan - Kocaoğlu, Ramazan. “YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 29/4 (December 2014). https://doi.org/10.17341/gummfd.18495.
JAMA Erdem OA, Kocaoğlu R. YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ. GUMMFD. 2014;29. doi:10.17341/gummfd.18495.
MLA Erdem, O. Ayhan and Ramazan Kocaoğlu. “YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, vol. 29, no. 4, 2014, doi:10.17341/gummfd.18495.
Vancouver Erdem OA, Kocaoğlu R. YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ. GUMMFD. 2014;29(4).

Cited By

DİK EŞLEŞTİRME ARAYIŞ YÖNTEMİ İLE HİBRİT VERİ SIKIŞTIRMA VE OPTİKSEL KRİPTOGRAFİ
Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi
YÜK.MÜH.ERTAN ATAR
https://doi.org/10.17341/gazimmfd.300602