Research on an Anomalies Detection Method for Firewall Rules (cited by: 2)
Abstract: Firewalls are one of the key technologies for ensuring network security. However, firewalls in today's cloud environments typically process network traffic at the 10-gigabit level. With the emergence of 10-gigabit firewalls, ever-growing firewall rule sets and conflicts between rules seriously degrade firewall performance. Mainstream rule conflict detection methods mainly examine the original rule set; they cannot detect conflicts among multiple rules and cannot accurately locate the conflicting range. This paper proposes a firewall rule conflict detection method based on the valid rule set. It improves on the state-transition-based conflict detection method: set operations generate the valid rule set of the firewall rules, so that detection over rules in the original rule set becomes detection over rules in the valid rule set. The method optimizes the detection process, detects conflicts among multiple rules, and accurately locates the conflicting range so that a resolution can be provided. Experimental results show that detection efficiency improves when the original rule set contains a certain amount of redundant rules.

Authors: 陈思思 (CHEN Sisi); 杨进 (YANG Jin); 李涛 (LI Tao) (College of Computer Science, Sichuan University, Chengdu, Sichuan 610065, China; Institute of Computer Networks and Information Security, Sichuan University, Chengdu, Sichuan 610065, China)

Source: Netinfo Security (《信息网络安全》), CSCD, Peking University Core Journal, 2018, No. 10, pp. 78-84 (7 pages)

Funding: National Key Research and Development Program of China [2016yfb0800604, 2016yfb0800605]; National Natural Science Foundation of China [61572334, U1736212]

Keywords: firewall rules; anomalies detection; state transition; performance optimization