An intelligent security architecture for distributed firewalling environments

Due to the increasing threat of attacks and malicious activities, the use of firewall technology is an important milestone toward making networks of any complexity and size secure. Unfortunately, the inherent difficulties in designing and managing firewall policies within modern highly distributed, dynamic and heterogeneous environments might greatly limit the effectiveness of firewall security. It is therefore desirable to automate as much as possible the firewall configuration process. Accordingly, this work presents a new more active and scalable firewalling architecture based on dynamic and adaptive policy management facilities, thus enabling the automatic generation of new rules and policies to ensure a timely response in detecting unusual traffic activity as well as identify unknown potential attacks (zero-day). The proposed scheme, with a multi-stage modular structure, can be easily applied to a distributed security environment and does not depend on any specific security solutions or hardware/software packages. © 2011 Springer-Verlag.