| Firewall is one of the most important methods in network security. In this paper we discussed the principle of Packet-Filtering Firewalls and analyzed the algorithms and techniques that the anomalies of firewall policy can be discoveried automaticly.Then, we deeply researched the structure of packet matching and implemented the optimized algorithm of Rule-tree which improved Firwall's performance. First We introduced the principle and the Function of Firewall,discussed the technology of the Packet-Filtering Firewall which based on predefined security strat-egy and rule oldering to analyzed the packet's characteristic and protected the network security.The right configuration of Firewall's rule ordering influenced the high-speed performance on network directly. We described a model to reveal the rule conflicts and potential problems in legacy firewalls and implemented the anomaly discovery algorithm.For the requirement of current high speed network technologies, The rule match-ing speed and matching algorithm plays a critical role in Packet Filtering Firewalls. The rule ordering is the major factor on matching performance .In this paper, we pre-sent a novel technique on how to define the weight of Firewall rule based on Internet traffic characteristics and we presented an optimized Firewall Filtering policies based on weight of Rule.Further, We implemented a new algorithm of constucting a Rule- tree which Source-Ip is used as key node .The matching depth of Rule-tree's structure is less than Rule ordering optimization.We solved the problem of the Rule-tree's node is con-structed by"*". we discribed the Princinple of Packets matching Rule-tree.In the last chapter we discussed several testing methods of Firewall. We evaluated the performance of Firewall in different rule ordering by using emulator and Ava-lanche.It shows the matching performance of Rule ordering Optimization Firewall improvement remarkably. |
PDF Full Text Request