Research On Anomaly Detection And Optimization Of Firewall Rules

Posted on: 2011-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: H H Huang
GTID: 2198330338982979
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of Internet technology, its low cost and fast communication have driven major changes in how enterprises, schools, organizations and government departments are organized. People are now more willing to use the Internet as a platform for information exchange and rely on it more than ever before. However, the Internet is a double-edged sword: it provides fast and convenient services, but it also brings serious network security issues. The firewall emerged in response; it protects the security of the internal network and is called "the first gate of network security". As the earliest and most widely deployed security product, the firewall plays a key role in network security.

Current research focuses on how to increase firewall packet filtering speed, but seldom considers the firewall security policy, which is represented as a rule table in the firewall. As an important part of network security, the correctness of the firewall rules directly affects the firewall's efficiency, which in turn affects the protected network. Based on a study of the firewall model and function, this research mainly includes the following work:

① Two issues must be considered when configuring firewall rules. First, when rules are defined, serious attention has to be paid to rule relations and interactions in order to ensure the correctness and integrity of the security policy. Second, as the number of rules increases, both the probability of rule anomalies and the difficulty of managing the rules increase. By analyzing these problems, this paper defines five relationships that exist between rules and a method for building a rule model. On this basis, the paper classifies the anomalies among rules, presents an anomaly detection algorithm, and implements a rule management tool with anomaly detection.

② Typically, once firewall rules are configured, their order is not changed. A firewall based on sequential rules compares each data packet with the rules in order until a matching rule is found. However, as the number of rules grows, packets must be compared with more rules, which consumes more time and significantly degrades firewall performance. This paper analyzes the characteristics of network traffic and finds that only a small portion of the firewall rules match a significant portion of data packets. If the priority of these rules can be raised, the number of rule comparisons can be reduced effectively. The paper therefore focuses on optimal firewall rule ordering. A directed acyclic graph (DAG) is used to model the rules in order to ensure the integrity of the security policy. According to the rule matching probability, a novel algorithm dynamically adjusts the DAG of rules to optimize the rule ordering.
Keywords/Search Tags: firewall, anomaly detection, rule-ordering optimization, firewall performance
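
The rule-ordering idea in part ② of the abstract, as an added example that is not the thesis's algorithm or code: a greedy topological sort that moves high-probability rules forward while keeping every pair of overlapping rules with different actions in their original order. The rule fields, the sample policy and its match probabilities are constructed for illustration.

```python
import heapq
from collections import namedtuple

# src and dport are inclusive (low, high) integer ranges; prob is the fraction
# of traffic first matched by the rule (all values constructed for the example).
Rule = namedtuple("Rule", "name src dport action prob")

def overlaps(a, b):
    return all(x[0] <= y[1] and y[0] <= x[1]
               for x, y in ((a.src, b.src), (a.dport, b.dport)))

def precedence_edges(rules):
    # i must stay ahead of j when both can match one packet but decide differently
    return {(i, j) for i in range(len(rules)) for j in range(i + 1, len(rules))
            if rules[i].action != rules[j].action and overlaps(rules[i], rules[j])}

def reorder(rules):
    # Greedy topological sort: of the rules whose predecessors are all placed,
    # take the one with the highest match probability next.
    edges = precedence_edges(rules)
    indeg = [sum(1 for _, j in edges if j == n) for n in range(len(rules))]
    ready = [(-r.prob, i) for i, r in enumerate(rules) if indeg[i] == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, i = heapq.heappop(ready)
        order.append(rules[i])
        for j in sorted(b for a, b in edges if a == i):
            indeg[j] -= 1
            if indeg[j] == 0:
                heapq.heappush(ready, (-rules[j].prob, j))
    return order

def decide(rules, src, dport, default="deny"):
    for r in rules:  # first match wins, as in a sequential-rule firewall
        if r.src[0] <= src <= r.src[1] and r.dport[0] <= dport <= r.dport[1]:
            return r.action
    return default

def expected_comparisons(rules):
    return sum((pos + 1) * r.prob for pos, r in enumerate(rules))

POLICY = [  # constructed sample policy
    Rule("deny-bad-host", (10, 10), (0, 65535), "deny", 0.02),
    Rule("allow-ssh-admin", (0, 50), (22, 22), "accept", 0.03),
    Rule("allow-dns", (0, 255), (53, 53), "accept", 0.25),
    Rule("allow-web", (0, 255), (80, 80), "accept", 0.60),
    Rule("deny-rest", (0, 255), (0, 65535), "deny", 0.10),
]
```

The narrow deny rule stays first because it overlaps the accept rules with a different action, while the mutually disjoint accept rules are free to be sorted by probability.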