Netinfo Security ›› 2018, Vol. 18 ›› Issue (10): 78-84. doi: 10.3969/j.issn.1671-1122.2018.10.011

Research on an Anomalies Detection Method for Firewall Rules

Sisi CHEN1, Jin YANG2, Tao LI2

  1. College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
  2. Institute of Computer Networks and Information Security, Sichuan University, Chengdu Sichuan 610065, China
  • Received: 2018-07-15 Online: 2018-10-10 Published: 2020-05-11

Abstract:

The firewall is one of the core elements of network security. However, for firewalls in cloud environments, network traffic processing usually reaches 10 Gb. With the emergence of 10 Gb firewalls, the growing number of firewall rules and the anomalies among those rules seriously impair firewall performance. This paper presents a valid-rule-set based anomaly detection method for firewall rules, which improves the state-transition based anomaly discovery algorithm. By producing a valid-rule-set and changing the detection object from the original-rule-set to the valid-rule-set, the method optimizes the detection process and locates the range of the anomaly. The experimental results show that, when the original-rule-set contains a certain degree of redundancy, the method can enhance the effect of detection.

Key words: firewall rules, anomalies detection, state transition, performance optimization
