摘要
为提高防火墙安全规则的查找速度,提出了一种面向IP地址集合处理的时间复杂度为O([log32N])的三叉树查找算法,N为安全规则数。用空间分析法解决规则冲突,并给出规则树的生成算法,该方法适用于控制应用的可靠性分析和安全完整性等级验证的要求。
A ternary search tree algorithm in time O(rlog32NT),which is IP address range set oriented,is presented for speedups of searching firewall rules, where N is the number of rules. This paper also proposes the analysis of a multi-dimensional Euclidean space model on which rules are specified to solve the problem of rule conflict. The generating algorithm of firewall rule tree is de- scribed in details. The ternary search tree algorithm facilitates system reliability analysis and verification of safety integrity level, and is particularly applicable to control applications.
出处
《电子技术应用》
北大核心
2012年第10期133-135,共3页
Application of Electronic Technique
关键词
防火墙规则集
规则匹配
规则冲突检测
三叉树
firewall rule set
packet classification
rule conflicts detection
ternary search tree
