FILTERING POLICY VERIFICATION BASED ON EVENT CALCULUS AND ABDUCTION REASONING
Тишков А. В.
I. V. Kotenko
St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences, Laboratory of Computer Security Problems ; Professor
Abstract. The abductive reasoning approach to verification of filtering policy is considered. The anomaly classification for rules of firewall access control list is proposed. Various scenarios of firewall functioning modeling are analyzed on the base of Event Calculus. Application of abductive search methods for detection and resolution of filtering policy anomalies is presented. These methods are based on disjoint granulation of rule conditions.
Keywords: firewall, traffic filtering, abductive reasoning, network traffic filtering anomaly.