Uma linguagem de gerência de regras como extensão da linguagem SQL3. / A rule management language as extension of SQL3 language.

Viana, Sidney da Silva

10 August 2007

Este trabalho adota um modelo de regras estendido, que melhora a expressividade da linguagem SQL3, propondo o uso de novas variantes para o modelo de regras ECA (Evento - Condição - Ação). Porém, este modelo estendido abrange somente a definição de regras, faltando as outras operações de gerência, como eliminar ou modificar uma regra, entre outros mecanismos necessários para gerenciar estes novos tipos de regras. Neste trabalho, propõe-se uma linguagem de gerência de regras composta de um conjunto de operações para criar, excluir e alterar as regras e suas partes, com a finalidade de obter maior reuso e manutenibilidade das regras. Para tanto, analisa-se o modelo de regras estendido, para identificar quais são as suas limitações e as propriedades do modelo a serem consideradas na especificação da linguagem de gerência de regras proposta. O resultado desta análise é utilizado para a elaboração de um repositório de regras, necessário para armazenar os tipos de regras propostos. Este repositório armazena um conjunto de regras que se deve manter consistente, da mesma forma que os dados se mantêm consistentes em um banco de dados. Para tanto, foi definido um conjunto de regras de consistência. Também, é definido um conjunto de operações de gerência de regras que auxiliam na manipulação de regras e de seus elementos, armazenadas no repositório de regras. / This work uses an extended rule model which improves the expressiveness of SQL3 language, proposing the use of new variants for the ECA (Event-Condition-Action) rule model. Nevertheless, the extended model considers only the rule definition and it lacks other management operations, such as excluding or modifying rules, among others necessary mechanisms for these new rule types. In this work, a rule management language made of a set of operations for creating, eliminating and altering rules and its parts is proposed, in order to obtain greater reuse and maintainability of rules. For this purpose, the extended rule model is analyzed to identify its limitations and the properties that it supports to be considered in the rule management language proposed. The result of this analysis is used to define a rule repository, necessary for storing the rule types proposed. This repository stores a rules set which must be consistent, as well as data must be consistent in the database. Hence, a consistency rule set is defined. Besides, a rule management operations set is defined to help to handle rules and their elements, stored in the rule repository.

Active database

Banco de dados ativos

Gerência de regras

Rule management

SQL3

SQL3

Uma linguagem de gerência de regras como extensão da linguagem SQL3. / A rule management language as extension of SQL3 language.

Sidney da Silva Viana

10 August 2007

Este trabalho adota um modelo de regras estendido, que melhora a expressividade da linguagem SQL3, propondo o uso de novas variantes para o modelo de regras ECA (Evento - Condição - Ação). Porém, este modelo estendido abrange somente a definição de regras, faltando as outras operações de gerência, como eliminar ou modificar uma regra, entre outros mecanismos necessários para gerenciar estes novos tipos de regras. Neste trabalho, propõe-se uma linguagem de gerência de regras composta de um conjunto de operações para criar, excluir e alterar as regras e suas partes, com a finalidade de obter maior reuso e manutenibilidade das regras. Para tanto, analisa-se o modelo de regras estendido, para identificar quais são as suas limitações e as propriedades do modelo a serem consideradas na especificação da linguagem de gerência de regras proposta. O resultado desta análise é utilizado para a elaboração de um repositório de regras, necessário para armazenar os tipos de regras propostos. Este repositório armazena um conjunto de regras que se deve manter consistente, da mesma forma que os dados se mantêm consistentes em um banco de dados. Para tanto, foi definido um conjunto de regras de consistência. Também, é definido um conjunto de operações de gerência de regras que auxiliam na manipulação de regras e de seus elementos, armazenadas no repositório de regras. / This work uses an extended rule model which improves the expressiveness of SQL3 language, proposing the use of new variants for the ECA (Event-Condition-Action) rule model. Nevertheless, the extended model considers only the rule definition and it lacks other management operations, such as excluding or modifying rules, among others necessary mechanisms for these new rule types. In this work, a rule management language made of a set of operations for creating, eliminating and altering rules and its parts is proposed, in order to obtain greater reuse and maintainability of rules. For this purpose, the extended rule model is analyzed to identify its limitations and the properties that it supports to be considered in the rule management language proposed. The result of this analysis is used to define a rule repository, necessary for storing the rule types proposed. This repository stores a rules set which must be consistent, as well as data must be consistent in the database. Hence, a consistency rule set is defined. Besides, a rule management operations set is defined to help to handle rules and their elements, stored in the rule repository.

Banco de dados ativos

Gerência de regras

SQL3

Active database

Rule management

SQL3

Uživatelské rozhraní systému ERIAN v prostředí webových technologií / User interface of system ERIAN based on web technologies

Finger, Artur

January 2019

ERIAN is a complex business rule management system developed by com- pany Komix. Part of this system is the Rule Management Interface (RMI) which allows users to create, edit, schedule, test and otherwise manage their business rules. The RMI is implemented as a thick client based on C# and WPF, which has its disadvantages. This thesis provides a prototypical implementation of the RMI as a thin client based on cutting-edge web technologies. This thesis predominantly deals with the choice of the correct technologies for the task, while allowing develop- ment and maintainance of different customized versions of the RMI and making sure the prototype handles working with business rules seamlessly even if they are exceptionally large. The resultant RMI prototype is well testable and adds several new function- ality features, compared to the original. It lays a good foundation for a complete re-implementation of the RMI as a thin client.

Segmentation and dynamic expansion of IDS rulesets

Bannikere Eshwarappa, Theertharaja

January 2024

This research explores an innovative approach to managing extensive rulesets in Host Intrusion Detection Systems (HIDS) through segmentation and dynamic expansion. Drawing upon the MITRE ATT&CK framework, the methodology categorizes rulesets into initial detection, choke point detection, and advanced detection, streamlines threat detection, and optimizes resource utilization. The segmentation allows for targeted detection of potential threats, while dynamic expansion enables the addition of advanced detection rules based on attacker actions. The study evaluates the effectiveness of this approach in reducing performance overhead and improving threat detection capabilities. Test cases validate the approach for detecting multi-stage attacks and optimizing system performance. Results indicate that while the segmentation and dynamic expansion technique offers structured threat detection, challenges such as missed detections and complexity in rule management exist. Future research directions include refining segmentation processes and enhancing rule categorization logic. Overall, this research contributes to the advancement of HIDS methodologies and underscores the importance of ongoing refinement and validation in cybersecurity strategies.

Intrusion detection systems

rule management

MITRE ATT&CK framework

segmentation

dynamic expansion

system performance

Information Systems, Social aspects

Hantering av brandväggsregler med generativ AI: möjligheter och utmaningar / Managing firewall rules with generative AI: opportunities and challenges

El Khadam, Youssef, Yusuf, Ahmed Adan

January 2024

Brandväggar är en kritisk komponent i nätverkssäkerhet som kontrollerar och filtrerar nätverkstrafik för att skydda mot obehörig åtkomst och cyberhot. Effektiv hantering av brandväggsregler är avgörande för att säkerställa att ett nätverk fungerar smidigt och säkert. I stora företagsnätverk som Scania kan hanteringen av dessa regler bli komplex och resurskrävande, vilket kan leda till duplicerade och överlappande regler som försämrar systemets prestanda.Detta examensarbete undersöker tillämpningen av generativ artificiell intelligens (GAI) och maskininlärning för att hantera och optimera brandväggsregler, med fokus på identifiering och hantering av duplicerade och överlappande regler. Problemställningen adresserar de växande utmaningarna med att underhålla effektiva brandväggsregler i stora företagsnätverk som Scania. Genom att implementera och utvärdera en prototyp baserad på XGBoost, utforskar arbetet potentialen hos AI-tekniker för att förbättra hanteringen och säkerheten av nätverkstrafik. Resultaten visar att AI kan spela en kritisk roll i automatiseringen av processer för upptäckt och korrigering av felaktiga regler, vilket bidrar till ökad nätverkssäkerhet och optimerad resursanvändning. Studien bekräftar att användningen av AI inom brandväggshantering erbjuder betydande fördelar, men lyfter också fram behovet av fortsatt forskning för att adressera säkerhetsutmaningar relaterade till AI-lösningar. / Firewalls are a critical component of network security, controlling and filtering network traffic to protect against unauthorized access and cyber threats. Effective management of firewall rules is essential to ensure that a network operates smoothly and securely. In large enterprise networks like Scania, managing these rules can become complex and resourceintensive, leading to duplicate and overlapping rules that degrade system performance and security.This thesis investigates the application of generative AI (GAI) and machine learning to manage and optimize firewall rules, focusing on the identification and handling of duplicate and overlapping rules. The problem addresses the growing challenges of maintaining effective firewall rules in large enterprise networks like Scania. By implementing and evaluating a prototype based on XGBoost, this work explores the potential of AI techniques to improve the management and security of network traffic. The results demonstrate that AI can play a critical role in automating the processes for detecting and correcting faulty rules, contributing to increased network security and optimized resource usage. The study confirms that the use of AI in firewall management offers significant benefits but also highlights the need for further research to address security challenges related to AI solutions.

firewall

generative AI

firewall rules

network security

XGBoost

AI in cybersecurity

duplicated rules

machine learning

rule management systems

brandvägg

generativ AI

brandväggsregler

nätverkssäkerhet

XGBoost

AI i cybersäkerhet

duplicerade regler

maskininlärning

regelhanteringssystem