
Study And Implementation Of Anomaly Detecting And Ordering Optimization Of Firewall Rules

Posted on: 2009-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: G X Zhuang
GTID: 2178360242966436
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of the Internet, more and more schools, governments and enterprises are expanding their business and communication through it. The Internet brings convenience and efficiency to daily life, but it also brings many problems, network security above all. The firewall, as the earliest and most widely deployed security product, plays a key role in network security. Because of the firewall's unique position in the network, the correctness of its rules affects the efficiency of the firewall and, in turn, the whole network. For this reason, firewalls have received a great deal of attention.

Although deploying a firewall is an important step toward securing a network, the complexity of managing firewall rules can limit the effectiveness of firewall security. When rules are defined, serious attention has to be given to rule relations and interactions in order to determine the proper position of each rule and guarantee correct security policy semantics. As the number of rules increases, adding a new rule or modifying an existing one becomes more difficult, and conflicts between rules may be introduced. Besides, a typical large-scale enterprise network might involve hundreds of rules written by different administrators at various times, so the probability of introducing conflicts increases and the network becomes more vulnerable.

Basically, firewall rules are predetermined and do not change after being deployed. Current optimization techniques exploit the characteristics of filtering rules, but they do not take traffic behaviour into account. Thus, current optimizations fail to reflect dynamic traffic characteristics and the ever-changing network topology.

In this paper, based on the current study of firewall rule modeling and optimization, I have done the following work:

1. Build a model for filtering rules and define the relations between rules. Discuss the anomalies and propose an algorithm to detect conflicts between rules. Based on the detection algorithm, implement an anomaly-free rule editor.
2. Propose an algorithm which dynamically reorders filtering rules according to traffic behaviour without changing the semantics of the firewall security policy, and implement a rule reordering system. We also discuss the timing of reordering and how to further optimize filtering rules in the future.
Keywords/Search Tags: Firewall, packet filtering, rule conflict, rule reordering, rule optimization