Title: Survey and Analysis of NFT and Blockchain Technologies for Developing Agricultural Product Trading Systems
<br>Cover Date: 2023-01-01
<br>Cover Display Date: 2023
<br>DOI: 10.1109/JCSSE58229.2023.10202015
<br>Description: In this research, we have surveyed NFT technology and Blockchain technology. We have analyzed both technologies to apply them in the agricultural product trading to benefit farmers the most. We have examined the strengths of NFT and NFT Marketplace to find ways to utilize these strengths in agricultural product trading. Additionally, we have identified various obstacles and suggested solutions. From the research, we have found that agricultural product trading through NFT Marketplace can provide benefits such as transparency, allowing buyers and sellers to verify the relevant transactions, the number of trades, the initial purchase price, and the final selling price. Moreover, the NFT's ownership information cannot be forged as they are on the Blockchain. By integrating the system with the community enterprise, the government's support, and using crypto seed phrases and private keys tied to accounts, farmers can receive KYC (Know Your Customer) and prevent fraud. Furthermore, NFT Marketplace can show sales transactions of each product category, which can help farmers understand market demand and popularity. Additionally, buyers can choose popular and trustworthy sellers (farmers) based on transaction history.
<br>Citations: 3
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Hybrid Tree-Rule Firewall for High Speed Data Transmission
<br>Cover Date: 2020-10-01
<br>Cover Display Date: October-December 2020
<br>DOI: 10.1109/TCC.2016.2554548
<br>Description: Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts, and slows down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantages of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are utilized to provide a means for users to create conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that share the merit of being conflict-free. Finally, in decision making, the listed rules are used to verify against packet header information. The rules which have matched with most packets are moved up to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the functional speed of a firewall.
<br>Citations: 8
<br>Aggregation Type: Journal
<br>-------------------
<br><br><br>Title: JSP Digital Asset Trading System
<br>Cover Date: 2019-10-01
<br>Cover Display Date: October 2019
<br>DOI: 10.1109/ICSEC47112.2019.8974847
<br>Description: This research presents a novel mechanism of digital asset trading system on blockchain called JSP-DATS. The JSP-DATS includes (1) a novel mechanism of trading, and (2) a novel mechanism of blockchain which will be the infrastructure of the system. The proposed novel mechanism of blockchain uses the Random-Checker Proof of Stake consensus model which can decrease transaction time. The blockchain of the JSP-DATS has been designed to multiple layers. This design is easy to develop, and can be used for further research. The internal mechanism of the proposed system including steps of encoding / decoding, key management, and the storage of encrypted digital assets on the blockchain has will be discussed in this paper. In addition, we have implemented the designed model using Microsoft Visual C ++ and encryption libraries from the MSDN web-site to create a software prototype. The prototype is used to study and measure the speed of the proposed scheme. The results show that transaction time of the proposed scheme is lower than that in BitCoin and Ethereum blockchain. With the proposed scheme, the seller (digital asset owners) can see transactions of the trading system transparently, and they can receive their percentage share immediately. In addition, we expect that buyers will indirectly benefit from purchasing digital assets at a lower price.
<br>Citations: 2
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Authentication model using the bundled CAPTCHA OTP instead of traditional password
<br>Cover Date: 2019-04-15
<br>Cover Display Date: 15 April 2019
<br>DOI: 10.1109/ECTI-NCON.2019.8692255
<br>Description: In this research, we present identity verification using the 'Bundled CAPTCHA OTP' instead of using the traditional password. This includes a combination of CAPTCHA and One Time Password (OTP) to reduce processing steps. Moreover, a user does not have to remember any password. The Bundled CAPTCHA OTP which is the unique random parameter for any login will be used instead of a traditional password. We use an e-mail as the way to receive client-side the Bundled CAPTCHA OTP because it is easier to apply without any problems compare to using mobile phones. Since mobile phones may be crashing, lost, change frequently, and easier violent access than e-mail. In this paper, we present a processing model of the proposed system and discuss advantages and disadvantages of the model.
<br>Citations: 7
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Design of blockchain lottery for Thai government
<br>Cover Date: 2019-04-15
<br>Cover Display Date: 15 April 2019
<br>DOI: 10.1109/ECTI-NCON.2019.8692241
<br>Description: This research represents a model of buying and selling lotteries system on Blockchain by using Ethereum network to determines the conditions for the purchasing of the lottery and reward the prize winner. Our system uses Ethereum coins to buy and reward the prize for convenience in term of speed and also reduce the problems which is unable to be controlled by the government. For example, lottery agents (intermediaries) may sell the lottery at overprice, and reward the winners at a lower than appropriate rate. Additionally, the most important problem is the verification of the real owner of the lottery.
<br>Citations: 7
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: JS digital assets trading system
<br>Cover Date: 2019-04-15
<br>Cover Display Date: 15 April 2019
<br>DOI: 10.1109/ECTI-NCON.2019.8692301
<br>Description: Blockchain technology is made to be strong and durable as well. Each block of information is stored and chained with other blocks strongly using hashing technique. Blockchain technology cannot be controlled by any one, and no one can destroy it.In this study, we have designed the intellectual property trading system using Blockchain as the data source. We have brought an example of e-book trading system on Blockchain that encrypts e-books which confirms that only customers and authors can access the e-book files.
<br>Citations: 1
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Load Balancer Mechanism using Optimal Parameter based on Calculus
<br>Cover Date: 2018-12-20
<br>Cover Display Date: 20 December 2018
<br>DOI: 10.23919/INCIT.2018.8584884
<br>Description: This research proposes improvement of load balancer mechanism using technique that agent software preinstalled on servers has to read server resource information and send the information to load balancer. This technique provides reliable and up-to-date information to the load balancer because if the information, e.g. active connections, is estimated or counted by load balancer, it may have some errors or be not match with the real information. Also, putting weights of each server to the load balancer by an administrator may have unintentionally bias. With this technique, 'plan making' for dispatching incoming requests to servers will operate efficiently. Implementing the agent for reading and sending resource information to the server can be done easily. Similarly, an algorithm to create the plan making function is not hard because it is similar to other existing load balancing algorithms. Therefore, the main problem for this research is that how much of time interval between each plan making should be appropriate. This is because too wide of time interval can make slow reaction of system. Consequently, the overall efficiency will be dropped. Likewise, too narrow of time interval can bring the drop of overall efficiency as well. This is because the load balancer has to use almost of all its CPU time to make a dispatching plan. Thus, investigating to find the best value of time interval is the main focus of this research. Highlight of the proposed method is discovering the optimal time interval 'w' which can bring the highest overall efficiency 'P' to the network. We firstly present the function of overall efficiency in the term P=f(w) and then differentiate the function to obtain its derivative function. Consequently, we can discover the optimal 'w' at the point that 'P' can reach to its maximum.
<br>Citations: 1
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: P coin: High speed cryptocurrency based on random-checkers proof of stake
<br>Cover Date: 2018-07-02
<br>Cover Display Date: 2 July 2018
<br>DOI: 10.1109/SCIS-ISIS.2018.00092
<br>Description: Various types of cryptocurrency e.g. BitCoin, Ethereum, Zcash, and more, are broadly accepted and used in many different forms of business but a typical problem that the cryptocurrency users are faced with is the delay of coin transfer. For example, it takes several hours for BitCoin and several minutes for Ethereum. These cryptocurrencies also consume a high quantity of electricity for transaction validation. Even though there currently is a type of cryptocurrencies, Ripple, that can be quickly transferred in 4 seconds but still it is a closed system with an owner, not a public cryptocurrency. Similarly, an algorithm 'Proof of Stake' used by new coins that are more energy-saving but several problems are still found including (1) 51% attack, (2) a richer with more coins gains higher rewards, and (3) a problematic node for block validation that is not currently active. This research presents a model of an open cryptocurrency system that is able to transfer a coin within 3 seconds in which an algorithm called 'Random-Checkers Proof of Stake' (RCPoS) was proposed to randomly select the inspectors for validation processes which can avoid those three problems of the Proof of Stake.
<br>Citations: 6
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Integrating the dynamic password authentication with possession factor and CAPTCHA
<br>Cover Date: 2018-07-02
<br>Cover Display Date: 2 July 2018
<br>DOI: 10.1109/SCIS-ISIS.2018.00093
<br>Description: In a previous study, the researchers presented the Dynamic Password Authentication that was designed with an uncomplicated algorithm so it was applicable for several platforms, e.g., web application, network device, and mobile application. This Dynamic Password Authentication was practically implemented and the system analysis was discussed in terms of security, speed, and ease of use by comparing it with the Cisco CHAP authentication. Differently, this study presented an integration of the Dynamic Password Authentication with a possession factor and CAPTCHA to make the system more secured by typically focusing on creating a shortest, fastest, and simplest process. On this matter, we tried out with user's e-mail as the possession factor since there was a low rate of errors than using a mobile phone that could be broken, lost, or replaced more often than the e-mail. Meanwhile, a CAPTCHA question was taken by clicking the link in the e-mail that offered a better security than presenting the CAPTCHA question directly on a log-in page. In fact, this paper presented the model and the system analysis to point out different benefits of the proposed authentication system.
<br>Citations: 3
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: An improvement of tree-rule firewall for a large network: Supporting large rule size and low delay
<br>Cover Date: 2016-01-01
<br>Cover Display Date: 2016
<br>DOI: 10.1109/TrustCom.2016.0061
<br>Description: Firewalls are important network devices which provide first hand defense against network threat. This level of defense is depended on firewall rules. Traditional firewalls, i.e., Cisco ACL, IPTABLES, Check Point and Juniper NetScreen firewall use listed rule to regulate packet flows. However, the listed rules may lead to rule conflictions which make the firewall to be less secure or even slowdown in performance. Based on our previous research works, we proposed the Tree-Rule firewall which does not encounter such rule conflicts within its rule set and operates faster than the traditional firewalls. However, in big or complex networks, the Tree-Rule firewall still may face two main problems. 1. Firewall administrators may face difficulty to write big and complex rule. 2. Difficulty to select appropriate attribute column for the Root node. In this paper, we propose an improved model for the Tree-Rule firewall by extending our previous models. We offer the use of combination between IN and OUT interfaces of the firewall to separate a big rule to many small independent rules. Each separated rule then can be managed in an individual screen. Sequence of verifying attributes, i.e., Source IP, Destination IP and Destination Port numbers, can be ordered independently in each separated rule. We implement the two main schemes on Linux Cent OS 6.3. We found that the improved Tree-Rule firewall can be managed easily with low processing delay.
<br>Citations: 2
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: A stateful mechanism for the tree-rule firewall
<br>Cover Date: 2015-01-15
<br>Cover Display Date: 15 January 2015
<br>DOI: 10.1109/TrustCom.2014.20
<br>Description: In this paper, we propose a novel connection tracking mechanism for Tree-rule firewall which essentially organizes firewall rules in a designated Tree structure. A new firewall model based on the proposed connection tracking mechanism is then developed and extended from the basic model of Net filter's Conn Track module, which has been used by many early generation commercial and open source firewalls including IPTABLES, the most popular firewall. To reduce the consumption of memory space and processing time, our proposed model uses one node per connection instead of using two nodes as appeared in Net filter model. This can reduce memory space and processing time. In addition, we introduce an extended hash table with more hashing bits in our firewall model in order to accommodate more concurrent connections. Moreover, our model also applies sophisticated techniques (such as using static information nodes, and avoiding timer objects and memory management tasks) to improve its processing speed. Finally, we implement this model on Linux Cent OS 6.3 and evaluate its speed. The experimental results show that our model performs more efficiently in comparison with the Net filter/IPTABLES.
<br>Citations: 12
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Improving cloud network security using the Tree-Rule firewall
<br>Cover Date: 2014-01-01
<br>Cover Display Date: 2014
<br>DOI: 10.1016/j.future.2013.06.024
<br>Description: This study proposes a new model of firewall called the 'Tree-Rule Firewall', which offers various benefits and is applicable for large networks such as 'cloud' networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.
<br>Citations: 41
<br>Aggregation Type: Journal
<br>-------------------
<br><br><br>Title: Dynamic password authentication: Designing step and security analysis
<br>Cover Date: 2012-12-01
<br>Cover Display Date: 2012
<br>DOI: N/A
<br>Description: This research purposively proposes the Dynamic Password Authentication procedures to be practically applied with various platforms e.g. web applications, network devices, and mobile applications. The researchers presented the overall design and the developed design with stronger security. Besides, the system analysis was tested for Security, Speed, and 'Ease of Use'. Based on the study and testing, it was found that the authentication system designed by the researchers can usefully be applied for various purposes i.e. (1) to replace an authentication on website without using HTTPS to reduce an expense on CA; (2) to be applied on network devices or mobile applications to secure the password sending process and to prevent the password from being cracked. Firmly, this authentication method had been tested and compared with other protection systems and it was qualified as a highly effective system. © 2012 AICIT.
<br>Citations: 2
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Analyzing matched packets on cisco ACL rules: Theories and proof
<br>Cover Date: 2012-02-01
<br>Cover Display Date: February 2012
<br>DOI: 10.4156/jcit.vol7.issue2.6
<br>Description: This research aims to propose the applicable theory for Matching Analysis between packets and rules of Cisco ACL, which helps the ACL rule designers understand more about the components of Cisco ACL rules such as rule confliction, the excludable rules, and rule combination. The proposed theory explains the conditions under which the rules should not be repositioned and those that could be swapped without any effects on the policy. The theory originates from a simple idea and our study suggests 11 theories that we prove to be applicable. In this regard, this study also illustrates the practical implementation of the proposed theories. In addition, the theories can be applied to analyze the complexity of firewall rules.
<br>Citations: 6
<br>Aggregation Type: Journal
<br>-------------------
<br><br><br>Title: Web's dynamic session IDs: Design and analysis
<br>Cover Date: 2012-02-01
<br>Cover Display Date: February 2012
<br>DOI: 10.4156/jcit.vol7.issue2.10
<br>Description: A number of websites is recently faced with the problems from Session Hijacking Attacks which are simple to be launched with higher possibility of success. Besides, this attacking is now popular amongst the hackers in which it is ranked on the Top 10 Web Attacking. Session Hijacking can be launched by capturing Cookie/Session IDs within an LAN, or by using XSS (Cross Site Scripting), which allows hackers to steal cookies from across the world and then use the captured Cookie/Session ID to access the system on a victim's identity. This problem is a result of using a Static Session ID. This research proposes a model to protect against Session hijacking by using a Non-Static Session ID instead of a Static Session ID. We combine Hashing of the Secret with Time to create the constantly changeable Session ID. With this model, a victim's session ID captured by hacker will not be able to be used for replay attacks. In addition, this model can prevent both manual and automatic Session Hijackings in which Client and Server has no need to synchronize the time and to use NTP.
<br>Citations: 4
<br>Aggregation Type: Journal
<br>-------------------
<br><br><br>Title: Limitation of listed-rule firewall and the design of tree-rule firewall
<br>Cover Date: 2012-01-01
<br>Cover Display Date: 2012
<br>DOI: 10.1007/978-3-642-34883-9_22
<br>Description: This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problem, speed problem, and "difficult to use" problem. These limitations consist of, firstly, limitation about "Shadowed rules" (the rule that cannot match with any packet because a packet will be matched with other rules above) which can lead to security and speed problem. Secondly, limitation about swapping position between rules can bring a change in firewall policy and cause security problem. The third limitation is about "Redundant rules" which can cause speed problem. Next, limitation of rule design; firewall administrators have to put "Bigger Rules" only at the bottom or lower positions that can result in a "difficult to use" problem. Lastly, limitation from sequential computation can lead to speed problem. Moreover, we also propose design of the new firewall named "Tree-Rule Firewall" which does not have above limitations.
<br>Citations: 7
<br>Aggregation Type: Book Series
<br>-------------------
<br><br><br>Title: Sniffing packets on LAN without ARP spoofing
<br>Cover Date: 2008-12-29
<br>Cover Display Date: 2008
<br>DOI: 10.1109/ICCIT.2008.318
<br>Description: Identifying weak points of network systems and protecting them (before attackers or hackers detect and use our data to attack our systems) are regarded as essential security methods, especially on the LAN system which uses ARP Protocol with holes enabling hackers to conduct ARP Spoof and sniff Packets on the LAN systems. Regarding websites with membership systems such as e-commerce websites and websites with e-mail systems such as Hotmail and Gmail, every time users click links, Browsers will send away HTTP requests which contain Cookies and Session ID. If hackers successfully sniff Cookies and Session ID of any member, they will be able to access the member's system by the right of that member. This type of attacks can be prevented by using Static ARP, detecting ARP Spoof using IDS, or using Anti Sniff type programs to scan for the computer which is sniffing the data. Although sniffing data is harmful, it sometimes needs to be conducted for some purposes, e.g. confidential affair job (sniffing terrorists' data) etc. This research aims to study techniques in sniffing data on the LAN system without using ARP Spoof. The results are as follows. (1) The victims cannot detect hackers by using IDS. (2) Static ARP cannot prevent sniffing data by this method. (3) The hacker's computer cannot be scanned and found by using Anti Sniff type programs. MAC Address and IP Address values are set to coincide with Gateway MAC Address and Gateway IP Address respectively. Only two basic programs-Ping and Ethereal are used. Ethereal is used to sniff the data, and Ping command is used to send Packets to deceive the Switch Port that Gateway is connecting with the port that we are connecting. This process is to alternate with Stop Ping (wait) in order to enable the system to function normally on occasions. This method is tested in sniffing the victim's Cookies while the victim is clicking links to open the mailboxes of Gmail and Hotmail. The result shows that the number of the sniffed Cookies is approximately 20-35%, comparing with the number of the Cookies sent to the Internet by the victim. The number of sniffed Cookies also depends on other factors such as periods of Stop Ping (wait) and brands of Switch. We have conducted the experiment with three brands of Switch consisting of Cisco, 3COM and SMC. It is found that using Cisco brand provides the potentiality to get the largest amount of Cookies. In contrast, using SMC brand provides the potentiality to get the smallest amount of Cookies. And when Ping sending is tested, switching with Wait for 1, 2, 3, ....., 40 seconds, it is found that when we wait for 1-2 seconds, the user will feel that the network system encounters a problem, and login and Logout process takes longer time than usual. However, the proportion of the sniffed Cookies is high (about 30-35%). When the Wait value is set higher, the chance to get Cookies decreases, but the victim will not feel the abnormality (setting the Wait value at 7-10 seconds, the sniffed Cookies will be about 20% of all Cookies). © 2008 IEEE.
<br>Citations: 18
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Top 10 free Web-Mail security test using Session Hijacking
<br>Cover Date: 2008-12-29
<br>Cover Display Date: 2008
<br>DOI: 10.1109/ICCIT.2008.324
<br>Description: This research presents the results of the experimental about security level of the Top 10 popular Free Web-Mail. These 10 Web Mails were hacked by means of Session Hijacking. The researcher conducted this experiment on the LAN system and used information capturing technique to gain Cookies and Session ID inside Cookies. Then, Hijacking was conducted by using two Hijacking methods. The first method, which was common and easy to conduct, used only one Cookie. The second method, which was not very popular but offered high penetrating power, used all Cookies (Cookies cloned by SideJacking tools). The results show that the Web Mails with the height security level are AOL Mail, GMX Mail and Yahoo Mail; and the Web Mails with the low security level are Gmail, Inbox Mail and Hotmail. © 2008 IEEE.
<br>Citations: 10
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Architecture and protocols for secure LAN by using a software-level Certificate and cancellation of ARP protocol
<br>Cover Date: 2008-12-29
<br>Cover Display Date: 2008
<br>DOI: 10.1109/ICCIT.2008.345
<br>Description: This research presents a design of "architecture and protocols" for the LAN security preventing the process of MAC Address spoofing, ARP Spoof and MITM. Each Network Card is designed to have a Certificate, a Private Key and a Public Key, all of which are issued by the product vendor. A certificate is in a form of software-data which may be available in the Card Network package, or can be downloaded from a vendor websites. A Certificate will certify MAC Address value. DHCP is re-designed to authenticate Network Cards before delivering IP Addresses. DHCP Server also assigned to be the 'MAC-IP database center" which stores the data about matching between MAC Address and IP Address. When any Hosts want to request MAC Address value, (for interested IP Addresses) they must send "DHCP Request-MAC" to DHCP Server instead. Moreover, the designed system will not use ARP Protocol because the new DHCP (which co-works with Certificates) will cover all functions. © 2008 IEEE.
<br>Citations: 10
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: HTTPS hacking protection
<br>Cover Date: 2007-10-18
<br>Cover Display Date: 2007
<br>DOI: 10.1109/AINAW.2007.200
<br>Description: In general, E-Commerce sites utilize SSL to ward off the authorized detection and decoding of confidential data over a network. In most cases, the communication between Web Browser and E-Commerce Web Server is uses HTTPS protocol. However, the communication often induces some drawbacks, simply denoted by hole. This, in addition, furnishes an opportunity for a hacker to manipulate the data, i.e. decoding the data, using SSL-MITM (SSL Man in the Middle) technique. According to the trials in an experiment with Auditor Security Collection, the results illustrate a hacker and a victim who are on the same local area network; the hacker could be able to decode confidential data (password or credit card number) with the possibility of more than 50 %. This paper presents 3 different methodologies to prevent the decoding using SSL-MITM on the confidential data which normally traverses over e-commerce websites. In addition, the evaluation of 3 schemes is conducted to show the degrees of efficiency of the techniques. Furthermore, this information can be preliminarily utilized as a factor to increase the security of e-commerce website. © 2007 IEEE.
<br>Citations: 21
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>Title: Firewall rules analysis
<br>Cover Date: 2006-12-01
<br>Cover Display Date: 2006
<br>DOI: N/A
<br>Description: In this paper, we propose a method to analyze the firewall policy or rule-set using Relational Algebra and Raining 2D-Box Model. It can discover all the anomalies in the firewall rule-set in the format that is usually used by many firewall products such as Cisco Access Control List, IPTABLES, IPCHAINS and Check Point Firewall-1. While the existing analyzing methods consider the anomalies between any two rules in the firewall rule-set, we consider more than two rules together at the same time to discover the anomaly. Therefore we can find all the hidden anomalies in the firewall rule-set. Results from analyzing can be used with the proposed rules-combination method presented in this paper, to minimize the firewall rule without changing the policy. Finally, we have developed an application based on the proposed analyzing method. This application could help administrator to analyze and modify a complex firewall policy with less error.
<br>Citations: 11
<br>Aggregation Type: Conference Proceeding
<br>-------------------
<br><br><br>