| As the most widely used network equipment, firewall is usually deployed in the boundary position between the organization’s internal network and external networks By detecting packets to control data access and transfer though internal and external network, firewall can keep internal network from illegal non-authorized external access, and achieve effective filtering of harmful information.Along with the increasingly concern about the network security, firewall as the first line of defense of the internal network protection, its safety is especially important. A core work of the firewall administrators is to detect the rules anomalies. Rules anomalies, one hand may be contrary to the security policy, affecting firewall security; the other hand, may reduce the performance of the firewall.For rules anomalies detection, we first analyze the current research status, based on the research objectives; we proposed an Incomplete Decision Tree Based Rules Anomalies Detection algorithm. The algorithm defines the general formal expression of rules, though analyses of the relationship between rules, we defined three types of anomalies between the rules. Based Incomplete Decision Tree Based Rules Anomalies Detection algorithm is not only able to achieve the type of identification for different types of anomalies, but also track the anomalies source to provide the necessary information for the further elimination of rules anomalies.In order to verify the correctness of the algorithm, we implemented a prototype system based on the algorithm, and verify the correctness of the rules anomalies detection, and the practicality of the firewall management through IPtables.Finally, we make a summary. At the same time, we put forward the problems which must be solved and further work. |
PDF Full Text Request