一种云环境下防火墙策略异常处理的优化方法

An Optimized Method of Solving Policy Anomalies in Firewall in Cloud Environment

下载PDF

导出

摘要针对传统防火墙策略异常处理方法在云环境下效率低的问题,提出一种基于规则风险值和堆排序的优化方法.基于CVSS通用漏洞评估系统标准,结合BP神经网络自学习原理,建立策略风险评估模型,计算规则的风险值.根据策略风险值优化冲突异常处理算法,并引入堆排序提高冗余异常处理的效率.对比实验表明,改进后的方法能很好地处理冲突异常和冗余异常,提高了防火墙效率. Considering that the traditional method of solving policy anomalies in firewall is inefficient in cloud environment,the paper proposed an optimized method based on risk value of firewall rules and heap sort algorithm. One risk evaluation model is established to calculate the risk value of rule,using the combination of CVSS and BP neural network self-learning methods.According to risk value of firewall rules,the conflict abnormality will be solved,and the heap sort algorithm will be introduced to solve the redundant abnormality.The comparative experiments show that the improved method can well deal with conflict abnormality and redundant abnormality, improving the efficiency of the firewall.

作者杨川刘丹

机构地区电子科技大学电子科学技术研究院

出处《微电子学与计算机》 CSCD 北大核心 2015年第9期45-48,53,共5页 Microelectronics & Computer

关键词云环境防火墙策略异常 BP 神经网络评估模型 CVSS cloud environment policy anomalies in firewalls CVSS BP neural network evaluation model

分类号 TP316 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

参考文献12

1Yuan L, Chen H, Mai J, et al. Fireman: a toolkit for firewall modeling and analysisEC// IEEE Symposium on Security and Privacy. Berkeley, 2006: 15-213.
2Alfaro J G, Boulahia C N, Cuppens F. Complete anal- ysis of configuration rules to guarantee reliable net- work security policies[J]. International Journal of In- formation Security, 2008,7(2) : 103-122.
3Hu H, Ahn G J, Kulkarni K. Detecting and resolving firewall policy anomalies [J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9 ( 3): 318-331.
4A1-Shaer E, Hamed H, Boutaba R, et al. Conflict classification and analysis of distributed firewall poli- cies[J]. Selected Areas in Co unications, 2005, 23 (10) : 2069-2084.
5蒋杨永,蒋建华.基于BP神经网络的虚拟企业风险评价研究[J].计算机仿真,2009,26(12):261-264. 被引量：6
6Abedin M, Nessa S, Khan L, et al. Detection and res- olution of anomalies in firewall policy rules[J]. Berlin: Springer, 2006 : 15-29.
7Bryant R E. Graph-based algorithms for boolean func- tion manipulation[J]. IEEE Transactions on Comput- ers, 1986,100(8) : 677-691.
8王秋艳,张玉清.一种通用漏洞评级方法[J].计算机工程,2008,34(19):133-136. 被引量：13
9Hu H, Ahn G J, Kulkarni K. Detecting and resolving firewall policy anomalies[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9 (3): 318-331.
10Deboosere L, Vankeirsbilck B, Simoens P, et al. Cloud-based desktop services for thin clients[J]. Inter- net Computing, IEEE, 2012,16(6): 60-67.

二级参考文献11

1Luis L Martins, Lucy L Gilson, M Travismaynard. Virtual Teams: What Do We Know and Where Do We Go From Here? [J]. Journal of Management, 2004,30(6): 805-835.
2M T Martinez, et al. Virtual enterprise organization, evolution and control[ J]. International Journal of Production Economics, 2001, 74(1 -3) : 237 -250.
3J Hallikas, et al. Risk management processes in supplier networks [ J]. International Journal of Production Economics, 2004, 90 (1) :47 -58.
4M C Lacity, L R Willcocks & D F Feeny. IT Outsourcing: Maximize Flexibility and Control[ J]. Harvard Business Review, May- June, 1996.84 -93.
5K H Park, J Favrel. Virtual enterprise - information system and networking solution [ J ]. Computers and Industrial Engineering, 1999, 37(1): 441 -444.
6M Zweiacker, et al. Virtual enterprise generic applications, Proceedings of the IEEE International Workshop on Research Issues in Data Engineering 1999 [ M ]. IEEE Comp Soc, Los Alamitos, CA, USA. 92 - 94.
7National Vulnerability Database[Z]. (2007-08-08). http://nvd.nist. gov/.
8Mell P, Scarfone K, Rornanosky S. A Complete Guide to the Common Vulnerability Scoring System Version 2.0[Z]. (2007-07-06). http://www.first.org/cvss/cvss-guide.html.
9Microsoft 的IT安全实践[Z]. (2004-04-20). http://www.microsoft. com/china/technet/itsolutions/msit/security/mssecbp.mspx#EIB AC.
10Threat Severity Assessment[Z]. (2006-12-12). http://www.symantec com/avcenter/threat.severity.html.

共引文献16

1杨宏宇,朱丹,谢丽霞.网络信息系统漏洞可利用性量化评估研究[J].清华大学学报（自然科学版）,2009(S2):2157-2163. 被引量：6
2李新明,李艺,刘东.软件脆弱性影响分析模型[J].计算机工程,2010,36(17):63-65. 被引量：1
3杨宏宇,谢丽霞,朱丹.漏洞严重性的灰色层次分析评估模型[J].电子科技大学学报,2010,39(5):778-782. 被引量：12
4张炎亮,谭黎.虚拟企业风险识别与评价实验研究[J].物流工程与管理,2011,33(2):113-115.
5李艺,李新明,崔云飞.软件脆弱性危险程度量化评估模型研究[J].计算机科学,2011,38(6):169-172. 被引量：7
6卓先德.网络安全评估的仿真与应用研究[J].计算机仿真,2011,28(6):177-180. 被引量：14
7夏冰,郑秋生.一种定量和定性的安全策略评估方法[J].中原工学院学报,2011,22(2):33-36.
8曾筝.商业银行信用风险评估方法研究[J].计算机仿真,2011,28(8):372-375. 被引量：7
9任剑锋,张新祥.电子商务客户流失的建模与预测研究[J].计算机仿真,2012,29(5):363-366. 被引量：7
10杨文杰,蔡勉.一种适用于配置漏洞的安全配置评估系统[J].计算机与现代化,2012(8):71-76. 被引量：1

1李毕祥.分布式防火墙策略异常检测与分析[J].计算机与数字工程,2011,39(11):114-117. 被引量：3
2张凤荔,冯波.基于关联性的漏洞评估方法[J].计算机应用研究,2014,31(3):811-814. 被引量：10
3廖丹,周明,刘丹,田忠.一种自动优化CVSSv2.0漏洞指标的评估方法[J].计算机工程与应用,2015,51(2):103-107. 被引量：4
4刘玲,柴乔林,耿晓义.考虑负载均衡的无线传感器网络数据汇集算法[J].计算机工程与应用,2007,43(33):144-146.
5李舟,唐聪,胡建斌,陈钟.面向SaaS云平台的安全漏洞评分方法研究[J].通信学报,2016,37(8):157-166. 被引量：5
6王明贞,赵国鸿,唐勇.基于多核网络处理器的高效流管理技术研究[J].小型微型计算机系统,2012,33(12):2591-2594. 被引量：2
7张齐,刘群.冲突证据融合方法的研究与改进[J].计算机工程与设计,2010,31(10):2262-2265. 被引量：2
8邓宝龙,吴军.基于DFSQL实现分布式防火墙策略异常检测与分析[J].计算机与数字工程,2012,40(10):99-101.
9徐刚强,胡伏湘.一种分布式防火墙规则冲突的检测算法[J].计算机测量与控制,2011,19(7):1596-1598. 被引量：1
10杨文杰,蔡勉.一种适用于配置漏洞的安全配置评估系统[J].计算机与现代化,2012(8):71-76. 被引量：1

微电子学与计算机

2015年第9期

浏览历史

内容加载中请稍等...

一种云环境下防火墙策略异常处理的优化方法

参考文献12

二级参考文献11

共引文献16

相关作者

相关机构

相关主题

浏览历史