Protocol decode based stateful firewall policy definition language

The policies for thwarting attacks on systems vary greatly in complexity, ranging from simple static firewall rules to complex stateful protocol state machine analysis. As intrusion detection systems are getting integrated into firewall solutions, there is a need for a language that can define both firewall policies and system intrusion behavior and exhibit inter-operable traits. This paper presents an XML based, self-documenting State-Aware Firewall Language (SAFire) that is designed to express the various kind of firewall and intrusion behavior.