摘要
防火墙冲突检测算法是一种经典的解决防火墙过滤规则间冲突的优化算法,可有效地提高防火墙规则集的运行效率,减少规则间冲突的发生,从而节约大量的计算资源,保障网络通信的正常进行,但随着数据规模和用户数量的飞速增长,防火墙规则集也在日益扩大,原有的冲突检测算法已无法满足当前的网络通信需求,必须加以改进。论文提出了将默认规则与冲突检测算法相结合,在检测之前先执行预优化的改进策略,同时将默认规则进行解析处理,随后将其与原有规则集相合并,大大提高了防火墙的匹配效率,缩短了防火墙的处理时延。
Firewall conflict detection algorithm is a classical algorithm for the rule set of firewall filtering, which could effec-tively improve the efficiency of the firewall rule set and reduce the conflict between the rules,so as to save a lot of computing re-sources and ensure the normal operation of the network communication. However, with the rapid growth of data size and the number of users, the original conflict detection algorithm has been unable to meet the current network communication needs because the fire-wall rule set is also increasing, so the improvement is essential. This paper proposes to combine the default rules and the collision detection algorithm, and improve the pre optimization before detection. At the same time, the default rule is analyzed and combined with the original rule set, which greatly improves the matching efficiency of the firewall and shortens the processing delay of the fire-wall.
出处
《计算机与数字工程》
2017年第7期1282-1286,共5页
Computer & Digital Engineering
关键词
防火墙
动态调整
冲突检测
平均匹配次数
默认规则
firewall, dynamic tuning, conflict detection, average matching times, default rules
