Connection Management using Automated Firewall from Threat Intelligence Data

  • Marcus A. S. Costa UECE
  • Yago M. da Costa UECE
  • Douglas A. Silva UECE
  • Ariel L. Portela UECE
  • Rafael L. Gomes UECE

Abstract


In a context of constantly evolving cyber threats, the need for dynamic and adaptive security solutions is imperative, where the approach of Threat Intelligence, which aims to collect, analyze, and interpret relevant information about digital threats, is crucial. Within this context, this article presents a security solution called FIBRA (Integrated Firewall with Automated Blacklists and Reputation), designed to manage connections in network infrastructures based on Cyber Threat Intelligence data. FIBRA aims to autonomously combat threats through real-time updates of blacklists and filtering techniques while achieving adequate scalability and providing a comprehensive view of network traffic and identified threats. Experiments conducted in a real cloud infrastructure indicate the effectiveness of FIBRA in identifying and mitigating suspicious connections, contributing to network security in complex and dynamic environments.

Published

2024-09-16

COSTA, Marcus A. S.; COSTA, Yago M. da; SILVA, Douglas A.; PORTELA, Ariel L.; GOMES, Rafael L. Connection Management using Automated Firewall from Threat Intelligence Data. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 815-821. DOI: https://doi.org/10.5753/sbseg.2024.241377.