The present disclosure relates generally to the field of network engineering, and more particularly to systems and methods for controlling a network security device by generating and applying filtering and network address translation controls.
Conventionally, human experts and network designers of cyber-physical systems (CPS), such as airplanes, receive specifications and user manuals that are utilized to devise controls (i.e., rules) for securing the networks within the CPS. As software is introduced to and removed from the network and/or the CPS, the rules governing the security and traffic flow of the system may be updated. This process is inefficient and may introduce errors.
The work in background materials [1], [2], and [3], listed at the end of the Detailed Description of the present disclosure, includes proposed algorithms to filter out denial-of-service sources based only on their source Internet Protocol (IP) addresses. The work in background material [4] provides a language to unify firewall programming languages to help enable the automatic generation of firewall rules; however, [4] does not provide details on the exact methodology utilized to generate such rules. (See citations at the end of the Detailed Description of Illustrative Embodiments.)