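Abstract
Firewalls play an important role in network security: the rules in a firewall policy determine whether network packets are "allowed" or "denied" when entering or leaving the network. In a large network there are so many rules that administrators can hardly guarantee that no conflicts arise among them, so detecting and resolving rule conflicts in a policy has become an important part of ensuring network security. This paper proposes a firewall policy conflict detection and resolution algorithm based on the MapReduce model. It applies a custom ordering to the segments obtained by rule-based segmentation, then converts them into rule form to replace the original rules for packet filtering. The segments are pairwise disjoint and the packets matching a segment are subject to only one action, so the conflicts are eliminated.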
Firewalls play a very important role in network security, because the firewall policy rules determine whether a network packet is "allowed" or "rejected" into or out of the network. For large networks, the rules are too many to ensure that they do not conflict; therefore the detection and resolution of policy conflicts becomes an important aspect of network security. This paper presents a parallel firewall policy conflict detection and resolution algorithm, which re-sorts the segments formed by the rule-based segmentation technology, translates the segments into the form of rules, and uses these new rules instead of the original rules for packet filtering. Because all segments are pairwise disjoint and every segment has one action, the conflicts in the policy are resolved.
Source
《计算机科学》
CSCD
Peking University Core Journals (北大核心)
2013, Issue 3, pp. 50-54 (5 pages)
Computer Science
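Funding
Key Program of the National Natural Science Foundation of China (61133005)
National Natural Science Foundation of China (61070057, 61103047)
National Key Technology R&D Program (2012BAH09B02)
Cultivation Fund of the Key Scientific and Technical Innovation Project, Ministry of Education of China (708066)
Doctoral Program Foundation of the Ministry of Education of China (20100161110019)
Hunan Provincial Science Fund for Distinguished Young Scholars (12JJ1011)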
Keywords
Firewall
Rule conflict
Segmentation
Action
Ordering
Rules, Confliction, Segment, Action, Ordering