Applying static code analysis to firewall policies for the purpose of anomaly detection
Treating modern firewall policy languages as imperative, special purpose programming languages, in this thesis we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this thesis are: 1. An analysis of various control flow instructions in popular firewall policy languages 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. ...