| The 21st century is the rapid development of information technology era, with the rapid rise of mobile Internet, the exchange of information whenever and wherever is becoming an indispensable part of people's daily life. Along with the rapid development of information technology, the security problems have been paid more attention to. As an important part of research in network information security, firewall technology is increasingly being valued by the people.In this paper, the rule set of firewall configuration has researched from two directions by decomposition algorithm of firewall rule set and dynamic optimization algorithm of firewall rule set.Firstly, the decomposition algorithm of firewall rule set, this paper proposed optimization principle a firewall rule set, aiming at five problems of firewall rules optimization principles are presented related. Secondly, this paper proposes a classification algorithm of the rules based on decision tree, in this algorithm constructs the model of the decision tree, focused on the classification of firewall rules, using the model of the decision tree does not change the priority of the original redundant rule. Thirdly this paper proposes a decomposition algorithm based on the rules of mask decomposition, according to the feature of IP address, this algorithm proposes a algorithm of mask split, is used to decompose the original IP address, at the same time, according to the optimization principle of firewall rule sets, eliminate invalid rules among them, and get to a new rule set. Finally, this paper analyzes the importance of the decision tree algorithm, and describes the model of the decision tree by using the experiments can improve the decomposition of the time complexity of the algorithm.According to the dynamic optimization algorithm of firewall rule set, the priority of firewall rules is the research focus of this algorithm. This paper firstly analyzes the statistical analysis algorithm of the dynamic optimization in the existing, and secondly presents an improved statistical analysis algorithm, through the analysis this paper finds that some problems of statistical analysis algorithm, and finally this paper proposes a dynamic optimization algorithm based on the heap structure firewall rule set. In the dynamic optimization algorithm based on the heap structure, this paper presents an improved heap model, which is used to store the firewall rule set,at the same time,according to the improved heap model this paper presents a dynamic adjustment algorithm, the algorithm can complete the dynamic adjustment function for the firewall rule set. In the experimental part of the algorithms, this paper analyzes the efficiency of rule matching of the three algorithms,including the statistical analysis algorithm, improved statistical analysis algorithm and the dynamic optimization algorithm based on the heap structure, and at last this paper get the conclusion of the efficiency of rule matching of the dynamic optimization algorithm based on the heap structure is better than others. |
PDF Full Text Request