{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T12:07:51Z","timestamp":1767182871797},"reference-count":68,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2008,6,1]],"date-time":"2008-06-01T00:00:00Z","timestamp":1212278400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Artif Intell Rev"],"published-print":{"date-parts":[[2008,6]]},"DOI":"10.1007\/s10462-009-9147-0","type":"journal-article","created":{"date-parts":[[2009,11,4]],"date-time":"2009-11-04T06:50:43Z","timestamp":1257317443000},"page":"223-248","source":"Crossref","is-referenced-by-count":16,"title":["A formal logic approach to firewall packet filtering analysis and generation"],"prefix":"10.1007","volume":"29","author":[{"given":"John","family":"Govaerts","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arosha","family":"Bandara","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin","family":"Curran","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2009,11,5]]},"reference":[{"key":"9147_CR1","unstructured":"Abdennadher S (2001) Rule-based constraint programming, Habilitationsschrift, Ludwig-Maximilians- Universit\u00e4t, M\u00fcnchen, Germany, 15 July 2001"},{"key":"9147_CR2","doi-asserted-by":"crossref","unstructured":"Acharya S, Wang J, Ge Z, Znati T, Greenberg A (2006) Simulation study of firewalls to aid improved performance. 
In: Proceedings of the 39th Annual Simulation Symposium (ANSS\u201906), Huntsville, 2\u20136 April 2006","DOI":"10.1109\/ANSS.2006.42"},{"key":"9147_CR3","unstructured":"Al-Shaer E, Hamed H (2003) Firewall policy advisor for anomaly detection and rule editing. IEEE\/IFIP Integrated Management(IM\u20192003), Colorado Springs, pp 17\u201330, 24\u201328 March 2003"},{"key":"9147_CR4","doi-asserted-by":"crossref","unstructured":"Al-Shaer E, Hamed H (2004) Discovery of policy anomalies in distributed firewalls. In: Proceedings of IEEE INFOCOM, Hong Kong, pp 2605\u20132616, 7\u201312 March 2004","DOI":"10.1109\/INFCOM.2004.1354680"},{"key":"9147_CR5","doi-asserted-by":"crossref","unstructured":"Al-Tawil K, Al-Kaltham I (1999) Evaluation and testing of internet firewalls. In: Int J Netw Manage 9: 135\u2013149, Wiley","DOI":"10.1002\/(SICI)1099-1190(199905\/06)9:3<135::AID-NEM311>3.0.CO;2-5"},{"key":"9147_CR6","doi-asserted-by":"crossref","unstructured":"Baboescu F, Varghese G (2005) Scalable packet classification. In: IEEE\/ACM Trans Networking, vol 13, n\u00b0 1, pp 2\u201314 Feb 2005","DOI":"10.1109\/TNET.2004.842232"},{"key":"9147_CR7","doi-asserted-by":"crossref","unstructured":"Bandara AK, Kakas A, Lupu E, Russo A (2006) Using argumentation logic for firewall policy specification and analysis. In: 17th IFIP\/IEEE workshop on distributed systems: operations and management (DSOM) 2006, Dublin, 23\u201325 Oct 2006","DOI":"10.1007\/11907466_16"},{"key":"9147_CR8","doi-asserted-by":"crossref","unstructured":"Bandara AK, Lupu EC, Russo A (2003) Using event calculus to formalise policy specification and analysis. In: Proceedings of the 4th IEEE international workshop on policies for distributed systems and networks (POLICY\u201903), Lake Como, 4\u20136 June 2003","DOI":"10.1109\/POLICY.2003.1206955"},{"key":"9147_CR9","doi-asserted-by":"crossref","unstructured":"Bandara AK, Lupu EC, Moffett J, Russo A (2004) A goal-based approach to policy refinement. 
In: Proceedings of the 5th IEEE international workshop on policies for distributed systems and networks (POLICY\u201904), Yorktown Heights, New York, 7\u20139 June 2004","DOI":"10.1109\/POLICY.2004.1309175"},{"key":"9147_CR10","doi-asserted-by":"crossref","unstructured":"Bartal Y, Mayer AJ, Nissim K, Wool A (1999) Firmato: a novel firewall management toolkit. In: Proceedings of IEEE symposium on security and privacy, Oakland, California, USA, pp 17\u201331, 9\u201312 May 1999","DOI":"10.1109\/SECPRI.1999.766714"},{"key":"9147_CR11","doi-asserted-by":"crossref","unstructured":"Begel A, McCanne S, Graham SL (1999) BPF+: exploiting global data-flow optimization in a generalized packet filter architecture. SIGCOMM\u201999, Aug 99, Cambridge, pp 123\u2013134, 30 Aug\u20133 Sept 1999","DOI":"10.1145\/316188.316214"},{"key":"9147_CR12","volume-title":"PROLOG programming for artificial intelligence","author":"I Bratko","year":"2001","unstructured":"Bratko I (2001) PROLOG programming for artificial intelligence. Pearson Education Ltd, Harlow"},{"key":"9147_CR13","doi-asserted-by":"crossref","unstructured":"Burns J, Cheng A, Gurung P, Rajagopalan S, Rao P, Rosenbluth D, Surendran AV, Martin DM (2001) Automatic management of network security policy. In: DARPA information survivability conference and exposition (DISCEX II\u201901), vol 2, Anaheim, California, pp 12\u201326, 12\u201314 June 2001","DOI":"10.1109\/DISCEX.2001.932156"},{"key":"9147_CR14","doi-asserted-by":"crossref","unstructured":"Charalambides M, Flegkas P, Pavlou G, Rubio-Loyola J, Bandara AK, Lupu EC, Russo A, Sloman M, Dulay N (2005) Policy conflict analysis for quality of service management. In: Proceedings of the 6th IEEE international workshop on policies for distributed systems and networks, Stockholm, 6\u20138 June 2005","DOI":"10.1109\/POLICY.2005.23"},{"key":"9147_CR15","unstructured":"Chapman DB, Zwicky ED (1995) Building internet firewalls. In: Russell D (ed). 
O\u2019Reilly & Associates, Inc., Sebastopol, CA, USA"},{"issue":"1","key":"9147_CR16","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1109\/TKDE.2003.1161596","volume":"15","author":"J Chomicki","year":"2003","unstructured":"Chomicki J, Lobo J, Naqvi S (2003) Conflict resolution using logic programming. IEEE Trans Knowl Data Eng 15(1): 244\u2013249","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"9147_CR17","unstructured":"Cuppens F et\u00a0al (2004) A formal approach to specify and deploy a network security policy. In: Formal aspects in security and trust, Toulouse, France, pp 203\u2013218"},{"key":"9147_CR18","unstructured":"Cuppens F, Cuppens-Boulahia N, Garcia-Alfaro J (2005) Misconfiguration management of network security components. In: Proceedings of the 7th international Symposium on System and Information Security (SSI 2005), Sao Paulo, 1\u201310 Nov 2005"},{"key":"9147_CR19","doi-asserted-by":"crossref","unstructured":"Damianou N, Dulay N, Lupu E, Sloman M (2001) The ponder policy specification language. In: International workshop, policies for distributed systems and networks (Policy 2001), LNCS 1995. Springer, Bristol, pp 18\u201339, 29\u201331 Jan 2001","DOI":"10.1007\/3-540-44569-2_2"},{"key":"9147_CR20","doi-asserted-by":"crossref","unstructured":"Dantsin E, Eiter T, Gottlob G, Voronkov A (2001) Complexity and expressive power of logic programming. In: ACM computing surveys, vol. 33, No. 3, pp 374\u2013425, Sept 2001, first presented at the 12th annual IEEE conference on computational complexity (CCC\u201997), Ulm, 1997","DOI":"10.1145\/502807.502810"},{"key":"9147_CR21","doi-asserted-by":"crossref","unstructured":"Denecker M, Kakas A (2002) Abduction in logic programming. In: Kakas A and Sadri F (eds) Computational logic: logic programming and beyond, essays in honour of Robert A. Kowalski LNCS 2407, Part I, pp 402\u2013436. 
Springer, Berlin","DOI":"10.1007\/3-540-45628-7_16"},{"key":"9147_CR22","doi-asserted-by":"crossref","unstructured":"Desmet L, Piessens F, Joosen W, Verboeten P (2006) Bridging the gap between web application firewalls and Web applications. In: FMSE\u201906, Alexandria, pp 67\u201377, 3 Nov 2006","DOI":"10.1145\/1180337.1180344"},{"key":"9147_CR23","unstructured":"Dictionary of Computing (2004) A dictionary of computing. Oxford University Press, 2004. Oxford Reference Online, Oxford University Press, http:\/\/www.oxfordreference.com\/"},{"key":"9147_CR24","doi-asserted-by":"crossref","unstructured":"El Kalam AA, El Baida R, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Mi\u00e8ge A, Saurel C, Trouessin G (2003) Organization based access control. In: Proceedings of the fourth international workshop on policies for distributed systems and networks (POLICY\u201903), Lake Como, 4\u20136 June 2003","DOI":"10.1109\/POLICY.2003.1206966"},{"key":"9147_CR25","unstructured":"Eppstein D, Muthukrishnan S (2001) Internet packet filter management and rectangle Geometry. In: Proceedings of the 12th annual ACM\u2013SIAM Symposium on Discrete Algorithms (SODA 2001), Washington DC, pp 827\u2013835, 7\u20139 Jan 2001"},{"key":"9147_CR26","unstructured":"Eronen P, Zitting J (2001) An expert system for analyzing firewall rules. In Proceedings of the sixth Nordic Workshop on Secure IT-System (Nonlsec 2001), Lyngby, pp 100\u2013107, 1\u20132 Nov 2001"},{"key":"9147_CR27","doi-asserted-by":"crossref","unstructured":"Fu Z, Wu F, Huang H, Lob K, Gong F, Baldine I, Xu C (2001) IPSec\/VPN security policy: correctness, conflict detection and resolution. In: Proceedings of policy\u20192001 workshop, Bristol, pp 39\u201356, 29\u201331 Jan 2001","DOI":"10.1007\/3-540-44569-2_3"},{"key":"9147_CR28","unstructured":"Garlik (2007) UK Cybercrime Report. 
https:\/\/www.garlik.com\/press\/Garlik%20Cybercrime%20Report.pdf"},{"key":"9147_CR29","unstructured":"Gordon L, Loeb M, Lucyshyn M, Richardson R (2006) CSI\/FBI computer crime and security survey. Computer Security Institute publications, New York, USA"},{"key":"9147_CR30","doi-asserted-by":"crossref","unstructured":"Gouda MG, Liu XYA (2004) Firewall design: consistency, completeness and compactness. In: IEEE International Conference on Distributed Computing Systems(ICDCS) 24. Tokyo, 24\u201326 March 2004","DOI":"10.1109\/ICDCS.2004.1281597"},{"issue":"2","key":"9147_CR31","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1109\/65.912717","volume":"15","author":"P Gupta","year":"2001","unstructured":"Gupta P, Mc Keown N (2001) Algorithms for packet classification. IEEE Netw 15(2): 24\u201332","journal-title":"IEEE Netw"},{"issue":"1","key":"9147_CR32","first-page":"187","volume":"17","author":"D Guster","year":"2001","unstructured":"Guster D, Hall C (2001) A firewall configuration strategy for the protection of computer networked labs in a college setting. J Comput Sci Coll 17(1): 187\u2013193","journal-title":"J Comput Sci Coll"},{"key":"9147_CR33","doi-asserted-by":"crossref","unstructured":"Guttman J (1997) Filtering postures: local enforcement for global policies. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, California, pp 120\u2013129, 4\u20137 May 1997","DOI":"10.1109\/SECPRI.1997.601327"},{"key":"9147_CR34","unstructured":"Guttman J, Herzog A (2003) Rigorous automated network security management. Technical report, MITRE Corp., 15 Aug. 2003. Preliminary version appeared in Proceedings VERIFY 2002, Copenhagen, 25\u201326 July 2006"},{"key":"9147_CR35","doi-asserted-by":"crossref","unstructured":"Hamed H, Al-Shaer E (2006) Dynamic rule-ordering optimization for high-speed firewall filtering. 
In: ASIACCS \u201806, Taipei, pp 332\u2013342, 21\u201324 March 2006","DOI":"10.1145\/1128817.1128867"},{"key":"9147_CR36","doi-asserted-by":"crossref","unstructured":"Hari A, Suri S, Parulkar G (2000) Detecting and resolving packet filter conflicts. In: Proceedings of IEEE INFOCOM, Tel Aviv, pp 1203\u20131212, 26\u201327 March 2000","DOI":"10.1109\/INFCOM.2000.832496"},{"key":"9147_CR37","unstructured":"Hazelhurst S (1999) Algorithms for analysing firewall and router access lists. Technical Report TR-Wits-CS-1999-5, Department of Computer Science, University of the Witwatersrand, South Africa, July 1999"},{"key":"9147_CR38","doi-asserted-by":"crossref","unstructured":"Hazelhurst S, Attar A, Sinnappan R (2000) Algorithms for improving the dependability of firewall and filter rule lists. In: DSN \u201800 Proceedings of the 2000 international conference on dependable systems and networks 2000, New York, 25\u201328 June 2000","DOI":"10.1109\/ICDSN.2000.857593"},{"key":"9147_CR39","doi-asserted-by":"crossref","unstructured":"Hinrichs S (1999) Policy-based management: bridging the Gap. In: Proceedings of the 15th annual computer security application conference, Phoenix, pp 209\u2013218, 6\u201310 Dec 1999","DOI":"10.1109\/CSAC.1999.816030"},{"key":"9147_CR40","unstructured":"Hunt C (1992) TCP\/IP network administration, USA, O\u2019Reilly and Associates, Inc"},{"key":"9147_CR41","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511810275","volume-title":"Logic in computer science","author":"M Huth","year":"2004","unstructured":"Huth M, Ryan M (2004) Logic in computer science. University Press, Cambridge"},{"key":"9147_CR42","unstructured":"Internet Systems Consortium, Inc. (2007) ISC Domain Survey. http:\/\/www.isc.org\/index.pl?\/ops\/ds\/host-count-history.php"},{"key":"9147_CR43","unstructured":"Konstantinou AV (2003) \u2018NESTOR: an architecture for network self-management and organization. http:\/\/www1.cs.columbia.edu\/dcc\/nestor\/ . 
Accessed 14 July 2007"},{"key":"9147_CR44","doi-asserted-by":"crossref","unstructured":"Lakshman TV, Stiliadis D (1998) High-speed policy-based packet forwarding using efficient multi-dimensional range matching. SIGCOMM\u201998, Vancouver, pp 203\u2013214, 31 Aug\u20134 Sept 1998","DOI":"10.1145\/285237.285283"},{"key":"9147_CR45","unstructured":"Lobo J, Bhatia R, Naqvi S (1999) A policy description language. In: Proceedings of AAAI, 1999, presented at 16th national conference on artificial intelligence, Orlando, 18\u201322 July 1999"},{"key":"9147_CR46","doi-asserted-by":"crossref","unstructured":"Lupu E, Sloman M (1997) Conflict analysis for management policies. In: Proceedings of IFIP\/IEEE international symposium on integrated network management (IM 1997), California, pp 430\u2013443, 12\u201316 May 1997","DOI":"10.1007\/978-0-387-35180-3_32"},{"issue":"3","key":"9147_CR47","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1007\/s10207-005-0074-z","volume":"5","author":"A Mayer","year":"2006","unstructured":"Mayer A, Wool A, Ziskind E (2006) Offline firewall analysis. Int J Inf Secur 5(3): 125\u2013144","journal-title":"Int J Inf Secur"},{"issue":"5","key":"9147_CR48","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1145\/253769.253802","volume":"40","author":"R Oppliger","year":"1997","unstructured":"Oppliger R (1997) Internet security: firewalls and beyond. Commun ACM 40(5): 92\u2013102","journal-title":"Commun ACM"},{"key":"9147_CR49","unstructured":"Ou X (2005) A logic-programming approach to network security analysis, a dissertation presented to the faculty of Princeton University in candidacy for the degree of Doctor of Philosophy, Nov 2005"},{"key":"9147_CR50","unstructured":"Ou X, Govindavajhala S, Appel AW (2005) MulVAL: a logic-based network security analyzer. 
In: 14th USENIX security symposium, Baltimore, 1\u20135 Aug 2005"},{"key":"9147_CR51","doi-asserted-by":"crossref","unstructured":"Qiu L, Varghese G, Suri S (2001) Fast firewall implementations for software and hardware-based routers. In: Proceedings of 9th international conference on network protocols (ICNP\u20192001), Toronto, 11\u201314 Nov 2001","DOI":"10.1145\/378420.378849"},{"key":"9147_CR52","volume-title":"Encyclopedia of computer science","author":"A Ralston","year":"1995","unstructured":"Ralston A, Reilly E (1995) Encyclopedia of computer science. International Thomson Computer Press, London"},{"key":"9147_CR53","doi-asserted-by":"crossref","unstructured":"Russo A, Miller R, Nuseibeh B, Kramer J (2002) An abductive approach for analysing event-based requirements specifications presented at 18th international conference on logic programming (ICLP), Copenhagen, 29 July\u20131 Aug 2002","DOI":"10.1007\/3-540-45619-8_3"},{"key":"9147_CR54","volume-title":"Handbook of programming languages, vol IV\u2014Functional and logic programming languages","author":"P Salus","year":"1998","unstructured":"Salus P (1998) Handbook of programming languages, vol IV\u2014Functional and logic programming languages. Macmillan Technical, Indianapolis"},{"key":"9147_CR55","unstructured":"Screen digest (2007) The broadcast and media technology business: global market value, structure and strategy to 2010 (Jan 2007), http:\/\/www.screendigest.com\/reports\/ext\/06ext_broadmediatec\/readmore\/view.html"},{"key":"9147_CR56","doi-asserted-by":"crossref","unstructured":"Smith RN, Bhattacharya S (1997) Firewall placement in a large network topology. In: Proceedings 6th workshop future trends distrib. comput. 
Tunis, pp 40\u201345, 29\u201331 Oct 1997","DOI":"10.1109\/FTDCS.1997.644701"},{"key":"9147_CR57","unstructured":"Son TC, Lobo J (2001) Reasoning about policies using logic programming presented at AAAI (American Association for Artificial Intelligence) spring symposium on answer set programming, Stanford University, California, 26\u201328 March 2001"},{"key":"9147_CR58","doi-asserted-by":"crossref","unstructured":"Srinivasan V, Suri S, Varghese G (1999) Packet classification using tuple space search. In: Proceedings of ACM SIGCOMM 1999 annual technical conference, vol 29, Cambridge, pp 135\u2013146, 30 Aug\u20133 Sept 1999","DOI":"10.1145\/316188.316216"},{"key":"9147_CR59","doi-asserted-by":"crossref","unstructured":"Team Cymru (2007) The Team Cymru Bogon List v3.4 22 Jan 2007, http:\/\/www.cymru.com\/Documents\/bogon-list.html","DOI":"10.1145\/1180176.1180190"},{"key":"9147_CR60","doi-asserted-by":"crossref","unstructured":"Uribe T, Cheung S (2004) Automatic analysis of firewall and network intrusion detection system configuration. FMSE\u201904 Washington DC, pp 66\u201374, 29 Oct 2004","DOI":"10.1145\/1029133.1029143"},{"key":"9147_CR61","doi-asserted-by":"crossref","unstructured":"Verma P, Prakash A (2005) FACE: a firewall analysis and configuration engine. In: Proceedings of the 2005 symposium on applications and the internet (SAINT\u201905), Trento, 31 Jan\u20134 Feb 2005","DOI":"10.1109\/SAINT.2005.28"},{"issue":"1","key":"9147_CR62","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/BF02141605","volume":"2","author":"R Wies","year":"1994","unstructured":"Wies R (1994) Policies in network and systems management. Netw Syst Manage 2(1): 63\u201383","journal-title":"Netw Syst Manage"},{"key":"9147_CR63","unstructured":"Wool A (2001) Architecting the Lumeta firewall analyzer. 
In: Proceedings of the 10th USENIX security symposium, Washington DC, pp 85\u201397, 13\u201317 Aug 2001"},{"issue":"6","key":"9147_CR64","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/MC.2004.2","volume":"37","author":"A Wool","year":"2004","unstructured":"Wool A (2004) A quantitative study of firewall configuration errors. IEEE Computer 37(6): 62\u201367","journal-title":"IEEE Computer"},{"issue":"6","key":"9147_CR65","doi-asserted-by":"crossref","first-page":"459","DOI":"10.1016\/j.cose.2004.02.003","volume":"23","author":"A Wool","year":"2004","unstructured":"Wool A (2004b) The use and usability of direction-based filtering in firewalls. Comput Secur 23(6): 459\u2013468","journal-title":"Comput Secur"},{"key":"9147_CR66","doi-asserted-by":"crossref","unstructured":"Xie G, Zhan J, Maltz DA, Zhang H, Greenberg A, Hjalmtysson G, Rexford J (2005) On static reachability analysis of IP networks. In: IEEE INFOCOM, 2005, Miami, pp 2170\u20132183, 13\u201317 Mar 2005","DOI":"10.1109\/INFCOM.2005.1498492"},{"issue":"6","key":"9147_CR67","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/336460.336473","volume":"43","author":"J Yang","year":"2000","unstructured":"Yang J, Papazoglou MP (2000) Interoperation support for electronic business. Commun ACM 43(6): 39\u201347","journal-title":"Commun ACM"},{"key":"9147_CR68","doi-asserted-by":"crossref","unstructured":"Yuan L, Mai J, Su Z, Chen H, Chuah CN, Mohapatra P (2006) FIREMAN: a toolkit for FIREwall modelling and ANalysis. 
In: Proceedings of the 2006 IEEE symposium on security and privacy, California, 21\u201324 May 2006","DOI":"10.1109\/SP.2006.16"}],"container-title":["Artificial Intelligence Review"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-009-9147-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10462-009-9147-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-009-9147-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T17:45:08Z","timestamp":1559151908000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10462-009-9147-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,6]]},"references-count":68,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2008,6]]}},"alternative-id":["9147"],"URL":"https:\/\/doi.org\/10.1007\/s10462-009-9147-0","relation":{},"ISSN":["0269-2821","1573-7462"],"issn-type":[{"value":"0269-2821","type":"print"},{"value":"1573-7462","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,6]]}}}