
Detecting And Resolving Firewall Anomalies

Posted on: 2018-10-12
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Chen
Full Text: PDF
GTID: 2348330512981414
Subject: Computer software and theory
Abstract/Summary:
Firewalls are one of the most widely deployed security mechanisms, and a firewall's effectiveness depends on the configuration of its network filtering policy. Today, techniques for detecting and resolving firewall anomalies are widely used in real-world scenarios. When a firewall contains anomalous policies, the system detects and assesses them and automatically resolves the conflict. Applying this technology greatly improves the stability and security of the firewall. With the development of the Internet, the security requirements placed on firewalls keep rising, and the detection and resolution of firewall anomalies has become a research hotspot. Because the number of rules in a firewall is very large, the conflicts between these rules are much more complex. It is impossible to resolve the conflicts manually, so people have gradually turned to automated techniques to resolve anomalies.

Current techniques can detect policy anomalies accurately, but the effect of anomaly resolution is still not satisfactory. When the action of one rule is wrong, it leads to anomalies in multiple rules. At the same time, the efficiency of the detection and processing methods is still not good. In the past, researchers have proposed many approaches to handling conflicts. In general, the rule set is divided into several subsets, each containing dozens or even hundreds of rules. The risk of these subsets is then assessed, and the conflict is resolved based on that assessment. These methods can improve the efficiency of the resolution process when the assessment is correct. However, when the assessment is wrong, it affects multiple policies, resulting in serious security vulnerabilities. In addition, the standard for evaluating the effect of anomaly resolution is not precise, so it cannot accurately assess the effectiveness of a method. In fact, the conflict still exists and is even more serious.

To solve these problems, in this thesis we design an efficient algorithm for detecting anomalous rules and preserving valid information. We propose an anomaly resolution algorithm based on the anomaly domain, and the valid information is used to optimize subsequent anomaly processing. We first construct a risk assessment model to evaluate the risk level of the anomaly domain, optimize the model parameters to improve the accuracy of the assessment, and use the valid information to speed up the process of anomaly resolution. Our approach resolves anomalies without affecting the other policies and improves system stability and maintainability. We compared the experimental results with the approach of Hongxin Hu and found that our approach reduced the area of the anomaly domain significantly, which verifies the advantage of the method.
Keywords/Search Tags: anomaly detection, risk assessment, anomaly domain, anomaly resolution