{"title":"Anomaly Detection: Firewalls Capabilities and Limitations","authors":"Sultan Alsehibani, Sultan Almuhammadi","doi":"10.1109/ICCSE1.2018.8374204","DOIUrl":null,"url":null,"abstract":"Firewalls are the most deployed basic security devices that are used to protect private networks from unauthorized accesses and intrusions. Firewall's security protection depends mainly on the quality of the firewall's configured policies. However, as firewalls policies grow in size, the interactions between policies of the same firewall or different firewalls become complex, which makes it difficult to design and manage firewalls policies in large scale systems. This paper identifies and compares recent firewall anomaly management frameworks, tools, and algorithms. It compares the anomaly management approaches in terms of visual representation, need for manual interference, existence of implementation, features, and limitations. It also classifies these approaches as single or distributed architectures, and the modes of these approaches as real-time or offline. Useful recommendations are provided as a result of this study.","PeriodicalId":383579,"journal":{"name":"2018 International Conference on Computing Sciences and Engineering (ICCSE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Computing Sciences and Engineering (ICCSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSE1.2018.8374204","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
Firewalls are the most widely deployed basic security devices used to protect private networks from unauthorized access and intrusions. A firewall's security protection depends mainly on the quality of its configured policies. However, as firewall policies grow in size, the interactions between policies of the same firewall or of different firewalls become complex, which makes it difficult to design and manage firewall policies in large-scale systems. This paper identifies and compares recent firewall anomaly management frameworks, tools, and algorithms. It compares the anomaly management approaches in terms of visual representation, need for manual interference, existence of implementation, features, and limitations. It also classifies these approaches as single or distributed architectures, and the modes of these approaches as real-time or offline. Useful recommendations are provided as a result of this study.