| With the development of computer science and hardware of advanced computers, high-speed computers are connected by the network to communicate and deliver messages. The World Wide Web is changing the way we live, work, study and recreate, meantime bring us great convenience. However, personal data, important resources in enterprises and confidential information in government are exposed and threatened with the prevalence of the network. Consequently, security of network information attracts more and more concern in nowadays.As one of the core techniques in network information security, firewall is the first barrier to prevent external network from attacking internal network. All the data from external network need to be checked by the firewall strictly. The firewall becomes the bottleneck of communication with the data grows while the speed of network slows down or even breakdown. Therefore, it is of great significance to improve the filtration ability as well as the performance of firewall.The performances of firewalls are improved by detecting confliction of rules and regulating sequence of rules. However, it is not effective enough for these classical methods. Based on information gain theory, this paper proposed a decision tree in the aspect of firewall filtration sequencing. Also the optimal sequence of filtering domain is determined by the relationship between levels of decision tree and sequence of firewall filtering domain. Computational experiments show that the number of comparison between meta data of data package and firewall rules is significantly decreased by this sequencing method. Thus the efficiency of filtering of firewalls is improved remarkably. |
PDF Full Text Request