期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于LE-Trie的防火墙策略检测算法 被引量:4

Detection Algorithm for Firewall Policy Based on LE-Trie
下载PDF
导出
摘要 防火墙策略是一系列具体的规则集合,策略的制定对防火墙功能的发挥至关重要,不能存在异常情况。为此,研究基于惰性展开的Trie数据结构,利用LE-Trie结构存储规则表,提出一种防火墙策略的冲突检测与消除算法。仿真结果表明,与使用普通Trie结构的算法相比,该算法具有更高的执行效率。 The firewall policy is a sequence of rules set, so it is very important to make the firewall work well and it must be without any conflicts. This paper introduces a description method based on LE-Trie data structure for firewall policy conflict detecting. Simulation result shows that using the LE-Trie storage rule table to describe the firewall policy can use less memory than the ordinary ones, and it can get a higher search speed as detecting conflicts.
作者 梁建武 龙晓梅 刘军军
机构地区 中南大学信息科学与工程学院
出处 《计算机工程》 CAS CSCD 北大核心 2010年第22期134-136,共3页 Computer Engineering
基金 国家自然科学基金资助项目(60173041)
关键词 网络安全 防火墙策略 LE—Trie结构 规则冲突 network security firewall policy LE-Trie construction rule conflicts
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献7

  • 1AlShaer E, Hamed H. Firewall Policy Advisor for Anomaly Detection and Rule Editing[C]//Proceedings of IEEE/IFIP IM'03. Colorado Springs, USA: [s. n.], 2003.
  • 2Wool A. A Quantitative Study of Firewall Configuration Errors[J]. IEEE Comouter. 2004.37(6): 62-67.
  • 3Gupta P, McKeown N. Algorithms for Packet Classification[J]. IEEE Network, 2001, 15(2): 24-32.
  • 4Hari B, Suri S, Parulkar G. Detecting and Resolving Packet Filter Conflicts[C]//Proceedings of INFOCOM'00. Tel-Aviv, Israel: IEEE Press, 2000.
  • 5Taylor D E, Turner J S. ClassBench: A Packet Classification Benchmark[R]. Saint Louis, USA: Washington University in Saint Louis, Tech. Rep.: WUCSE-2004-28, 2004.
  • 6Baboescu F, Singh S, Varghese G. Packet Classification for Core Routers: Is There an Alternative to CAMs?[C]//Proceedings of INFOCOM'03. San Francisco, USA: IEEE Press, 2003: 53-63.
  • 7王卫平,陈文惠,朱卫未,陈华平.防火墙规则配置错误快速检测算法[J].计算机工程,2007,33(11):132-134. 被引量:6

二级参考文献5

  • 1Gouda M,Liu X.Firewall Design:Consistency,Completeness,and Compactness[C]//Proceedings of the 24^th IEEE International Conference on Distributed.2004-03.
  • 2Al-Shaer E,Hamed H.Design and Implementation of Firewall Policy Advisor Tools[R].School of Computer Science Telecommunications and Information Systems,DePaul University,CTI-techrep:0801,2002-08.
  • 3Hari B,Suri S,Parulkar G.Detecting and Resolving Packet Filter Conflicts[C]//Proceedings of IEEE INFOCOM'00.2000-03.
  • 4Baboescu F,Varghese G.Fast and Scalable Conflict Detection for Packet Classifiers[C]//Proceedings of the 10^th IEEE International Conference on Network Protocols.2002.
  • 5Han J,Kamber M.Data Mining:Concepts and Techniques[M].Morgan Kaufmann,2000.

共引文献5

同被引文献33

  • 1蒋宁,廉东本.包过滤防火墙相关规则的排序及向无关规则的转化[J].小型微型计算机系统,2004,25(8):1550-1553. 被引量:6
  • 2田大新,刘衍珩,李永丽,唐怡.数据包过滤规则的快速匹配算法和冲突检测[J].计算机研究与发展,2005,42(7):1128-1135. 被引量:14
  • 3李鑫,季振洲,刘韦辰,胡铭曾.防火墙过滤规则集冲突检测算法[J].北京邮电大学学报,2006,29(4):90-93. 被引量:6
  • 4王卫平,陈文惠,朱卫未,陈华平.防火墙规则配置错误快速检测算法[J].计算机工程,2007,33(11):132-134. 被引量:6
  • 5AL-SHAER E S, HAMED H H. Conflict classificatinand analysis of distributed firewall policies[J]. IEEE Journal on Selected Areas in Communications-JSAC, 2005, 23(10):2069-2084.
  • 6AL-SHAER E S, HAMED H H. Discovery of policyanomalies in distributed firewalls[C]//INFOCOM 2004.Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies. [S.l.]: IEEE, 2004.
  • 7CUPPENS F, CUPPENS B N, GARC'A A J. Detecting and removal of firewall misconfiguration[C]//Proceeding (499) Communication, Network, and Information Security. [S.l.]: [s.n.], 2005.
  • 8ERONEN P, ZITTING J. An expert system for analyzing firewall rules[C]//Proceedings of the 6th Nordic Workshop on Secure. [S.I.]: [s.n.], 2001.
  • 9WANG Dong, HAO Rui-bing, LEE D. Fault detection in rule-based sottware systems[J]. Information and Software Technology, 2003, 45(12): 865-871.
  • 10QIU Li-li, VARGHESE G, SURI S. Fast firewall implementations for software and hardware-based routers[C]//Proceedings of the 2001 ACM'SIGMETRICS International Conference on Measurement and modeling of Computer Systems. [S.l.]: ACM, 2001.

引证文献4

二级引证文献6

计算机工程
2010年 第22期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部