|
Future directions
TITAN is currently in a very early stage of development. Before it can be a real,
effective firewall, it needs further work in several areas.
Administrator Interface
TITAN does not have an accessible interface for customizing its behavior. For example,
it lacks a simple method for "seeding" the database in order to manually approve or deny
certain known types of traffic. Such an interface is necessary before TITAN can be
really useful.
Weights and Attributes
TITAN tracks connections according to certain specific attributes and calculates
distances and scores by applying different weights to them. Since they
are key to TITAN's effectiveness, significant work must be done in order to determine the
weights and attributes that will make TITAN as accurate as possible.
Efficiency
TITAN is very data- and processor-intensive. Optimizations to its scoring algorithm, such as
improved clustering, could greatly improve TITAN's response time to suspicious traffic.
TITAN also currently relies on polling to determine when new traffic arrives. A change
to a trigger-based notification system would eliminate this cpu burden.
Rule Generation
Currently, TITAN's algorithm for generating new rules is very simple. A more complex
algorithm would make TITAN much more flexible.
|
| |