Research On Dynamic Optimization Of Firewall Rule Set

Posted on: 2019-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: S Zhu
GTID: 2518306470494874
Subject: Information and Communication Engineering
Abstract/Summary:
With the development of science and technology, networks play an increasingly important role in people's daily lives. However, cyber security issues have also become more significant as information networks advance. As an important piece of infrastructure, the firewall plays an irreplaceable role in the network security system, and the access control rule set is the core of the firewall's configuration items. A given firewall rule set works efficiently only in a particular network environment, but the network environment changes rapidly, and existing methods for updating and optimizing the access control rule set cannot respond to the changing network environment in time, which makes firewall packet filtering less efficient. Therefore, it is of great theoretical significance and practical value to study dynamic optimization methods with which the firewall can adjust its rule set in a timely manner according to the real-time network environment.

Packet filtering is inefficient because the firewall matches rules in order, and existing methods are restricted and relatively costly. To address this, a firewall rule optimization method is proposed that combines the rule matching rate with information on the time distribution of rule matches. By analyzing the running firewall, the method calculates the matching hit rate of each rule in the firewall rule set and the variance of the time distribution of its hits. It then calculates a weight value for each rule from these two parameters and finally adjusts the weight value according to the rule's priority in the firewall rule set. The results show that the proposed method significantly reduces the average number of rules matched per packet and the average packet delay, which shows that the method effectively improves the efficiency of the firewall in filtering packets and optimizes the firewall rule set.

A further issue is that the firewall cannot dynamically add and delete filtering rules according to changes in the network environment, while existing methods require an exclusive trigger and do not consider dynamically deleting filtering rules. For this issue, this paper proposes a method for improving the firewall's self-adaptive capability that combines firewall log analysis with intrusion detection. In this method, a new rule is inserted into the firewall rule set according to information about the packets that match the firewall's default rules, which reduces the average number of rules matched per packet and thus improves the firewall's filtering efficiency. At the same time, a blocking rule is generated through intrusion detection for packets that show aggressive behavior, so that they can be intercepted and the security of the firewall enhanced. In addition, because the filtering efficiency of the firewall decreases as new rules are constantly added, a firewall rule life-cycle detection mechanism is developed to remove rules that have not been matched by any packet for a long period. The experimental results show that the proposed method can dynamically add or delete firewall rules according to the changing network environment, and that it reduces the average number of rules matched per packet and the number of attack packets, which helps the firewall maintain a high filtering efficiency and enhances its self-adaptive ability.

A prototype system for dynamic optimization of the firewall rule set is designed and implemented. It supports browsing, setting, dynamic optimization, addition and deletion of firewall rules, as well as real-time monitoring of firewall traffic. The system can dynamically adjust the firewall's rule set and keep the firewall at a high packet filtering efficiency with better security.
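The weight-based reordering described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not give the weight formula, so the formula, the `ALPHA` factor, the source-prefix-only rule model and the sample hit counts are all assumptions made for illustration. Rules that overlap and have different actions keep their relative order, so reordering never changes the verdict for any packet.

```python
import ipaddress
from statistics import pvariance

ALPHA = 6.0  # assumed penalty factor for bursty (high-variance) rules

# Constructed sample: (id, action, source prefix, hits per 10 s bucket over one minute)
RULES = [
    ("r1", "allow", "10.1.0.0/16",    [1, 1, 1, 1, 1, 1]),
    ("r2", "deny",  "10.0.0.0/8",     [4, 4, 4, 4, 4, 4]),
    ("r3", "allow", "192.168.0.0/24", [0, 30, 0, 0, 0, 0]),
    ("r4", "allow", "172.16.0.0/12",  [10, 10, 10, 10, 10, 10]),
]

def weight(rule, total_hits):
    hits = sum(rule[3])
    if hits == 0 or total_hits == 0:
        return 0.0  # never-matched rules sink to the bottom
    shares = [h / hits for h in rule[3]]  # time distribution of this rule's hits
    # Assumed formula: hit rate, discounted when hits are concentrated in time.
    return (hits / total_hits) / (1 + ALPHA * pvariance(shares))

def must_precede(a, b):
    # Swapping two rules changes a verdict only if they overlap and disagree.
    na, nb = ipaddress.ip_network(a[2]), ipaddress.ip_network(b[2])
    return a[1] != b[1] and na.overlaps(nb)

def reorder(rules):
    total = sum(sum(r[3]) for r in rules)
    remaining, ordered = list(rules), []
    while remaining:
        # A rule is eligible once no earlier conflicting rule is still unplaced.
        ready = [r for i, r in enumerate(remaining)
                 if not any(must_precede(p, r) for p in remaining[:i])]
        best = max(ready, key=lambda r: weight(r, total))
        ordered.append(best)
        remaining.remove(best)
    return ordered

def avg_comparisons(rules):
    # Mean number of rules a packet is compared against before it matches.
    total = sum(sum(r[3]) for r in rules)
    return sum(pos * sum(r[3]) for pos, r in enumerate(rules, 1)) / total

if __name__ == "__main__":
    new = reorder(RULES)
    print([r[0] for r in new], avg_comparisons(RULES), avg_comparisons(new))
```

On this sample the bursty rule `r3` is ranked below what its raw hit rate alone would give, and `r2` stays behind `r1` despite its higher weight because the two rules overlap with different actions.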
Keywords/Search Tags:Cyber security, Firewall, Rule set, Dynamic optimization, Adaptive ability