Firewall Wizards mailing list archives
New firewall paradigms, anyone ?
From: Darren Reed <darrenr () cyber com au>
Date: Sat, 29 Nov 1997 12:14:11 +1100 (EST)
Hmmm, how about a neural net firewall ? Before deployment and after a customer has asked for a model, you plug it in and run it through all the types of data flows it should expect to see and allow through. This should allow it to build up a pretty good knowledge base, so that when it sees something out of the ordinary, it flags it and/or drops it. I'm not sure how much real teaching would be involved or weighting of strange things would help.

For example, if it has looked at lots of http headers, it'll know that they usually don't have any IP header options or urgent TCP data, so ones which do are "out of the ordinary". Conversely, if you were running something like the old multicast distribution which used source routing, it would have seen lots of packets with source routing options in place and expect them to match its multicast model.

And on I could go, just yapping about more stuff on how it would work with a neural net. The key part is the "training" but then, how do you add a new protocol ? Send it back to be retrained ? Costly, but how effective ?

Darren
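
A minimal sketch of the learn-then-flag idea in the message above, added here as an example and not code from the post or its author. It substitutes a per-service frequency baseline for the neural net; the service names, option labels, threshold and training packets are all constructed assumptions.

```python
from collections import Counter, defaultdict

FEATURES = ("ip_options", "urg")  # the two header properties the message mentions

def pkt(service, ip_options="none", urg=False):
    """Constructed packet summary; field names are hypothetical."""
    return {"service": service, "ip_options": ip_options, "urg": urg}

class BaselineFilter:
    """Per-service frequency baseline, standing in for the neural net."""
    def __init__(self, min_ratio=0.01):
        self.min_ratio = min_ratio  # assumed cut-off for "out of the ordinary"
        self.seen = defaultdict(lambda: {f: Counter() for f in FEATURES})
        self.total = Counter()

    def train(self, packets):
        for p in packets:
            self.total[p["service"]] += 1
            for f in FEATURES:
                self.seen[p["service"]][f][p[f]] += 1

    def check(self, p):
        """Return ('allow' | 'flag', reasons) for one packet."""
        svc = p["service"]
        if self.total[svc] == 0:  # the "new protocol" problem: nothing learned yet
            return "flag", ["no model for service %r" % svc]
        reasons = []
        for f in FEATURES:
            ratio = self.seen[svc][f][p[f]] / self.total[svc]
            if ratio < self.min_ratio:
                reasons.append("%s=%r rare for %s" % (f, p[f], svc))
        return ("flag" if reasons else "allow"), reasons

# Constructed training flows: plain http, and a multicast feed using source routing.
TRAINING = [pkt("http")] * 500 + [pkt("mcast", ip_options="lsrr")] * 200

def demo(fw=None):
    fw = fw or BaselineFilter()
    fw.train(TRAINING)
    samples = {
        "plain http": pkt("http"),
        "http with source route": pkt("http", ip_options="lsrr"),
        "http with urgent data": pkt("http", urg=True),
        "mcast with source route": pkt("mcast", ip_options="lsrr"),
        "mcast without source route": pkt("mcast"),
        "untrained protocol": pkt("newproto"),
    }
    return {name: fw.check(p)[0] for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-28s %s" % (name, verdict))
```

The same source routing option is flagged on http and allowed on the multicast feed, and the untrained protocol stays flagged until flows for it are passed to `train()`.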