Distributed firewall policy anomaly detection algorithm
|School||Nanjing University of Technology and Engineering|
|Course||Applied Computer Technology|
|Keywords||distributed firewall; policy anomaly; rule conflict; Policy tree; Binary tree|
In this thesis, we adopt a new policy management scheme for distributed firewall systems that has no Policy Control Center. Policies are created, distributed and executed independently by the hosts. This scheme solves the problem of the Policy Control Center becoming unavailable, but it raises the question of how to detect policy anomalies in such an environment.

This thesis studies that problem. How to improve the efficiency of policy anomaly detection algorithms and how to distinguish anomalies are also important parts of the thesis. First, it presents a Rule Set Conflict Detection Algorithm based on Linear Search, which can detect rule conflicts and conflict types. Second, taking the Rule Set Conflict Detection Algorithm based on Policy Tree as an example, it designs a Rule Set Conflict Detection Algorithm based on Binary Tree, which can detect rule conflicts and rule conflict types in firewalls. It greatly shortens the time needed for rule conflict detection compared with the Linear Search algorithm and the algorithm based on Policy Tree.

The algorithms based on Linear Search, Policy Tree and Binary Tree are given in this thesis in the C programming language. The test results show that the algorithm based on Binary Tree is suitable for rule conflict detection in multi-field rule sets, and that its time complexity is reduced. Although the algorithm based on Binary Tree needs a tree creation operation, the time spent creating the tree is insignificant compared with the time spent detecting rule conflicts. In short, the algorithm based on Binary Tree is a fast, efficient rule conflict detection algorithm that is appropriate for large-scale rule sets.

Finally, research results on how to further improve the efficiency of the Rule Set Conflict Detection Algorithm based on Binary Tree are introduced.
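The linear-search approach described above can be illustrated with the following added example, which is not the thesis's own code. It assumes rules whose fields are inclusive integer ranges, first-match semantics, and the commonly used anomaly names shadowing, redundancy, generalization and correlation, none of which the abstract specifies; the rule set is constructed.

```c
#include <stdio.h>
/* Assumed rule model: every field is an inclusive integer range. */
enum { F_SRC, F_DST, F_PORT, F_PROTO, NFIELDS };
enum action { DENY, ACCEPT };
enum anomaly { NONE, SHADOWING, REDUNDANCY, GENERALIZATION, CORRELATION, NTYPES };
struct rule { unsigned long lo[NFIELDS], hi[NFIELDS]; enum action act; };

/* Classify later rule y against earlier rule x (assumed: first match wins). */
enum anomaly classify(const struct rule *x, const struct rule *y) {
    int y_in_x = 1, x_in_y = 1;
    for (int f = 0; f < NFIELDS; f++) {
        if (x->hi[f] < y->lo[f] || y->hi[f] < x->lo[f])
            return NONE;              /* a disjoint field: no packet matches both */
        if (y->lo[f] < x->lo[f] || y->hi[f] > x->hi[f]) y_in_x = 0;
        if (x->lo[f] < y->lo[f] || x->hi[f] > y->hi[f]) x_in_y = 0;
    }
    if (y_in_x)                       /* x takes every packet y could match */
        return x->act == y->act ? REDUNDANCY : SHADOWING;
    if (x->act == y->act) return NONE; /* partial overlap, same action: not flagged */
    return x_in_y ? GENERALIZATION : CORRELATION;
}

/* Linear search: test each rule against all rules before it, O(n^2) pairs. */
int detect(const struct rule *rs, int n, int counts[NTYPES]) {
    int total = 0;
    for (int k = 0; k < NTYPES; k++) counts[k] = 0;
    for (int j = 1; j < n; j++)
        for (int i = 0; i < j; i++) {
            enum anomaly a = classify(&rs[i], &rs[j]);
            counts[a]++;
            total += (a != NONE);
        }
    return total;
}

/* Constructed sample: {src, dst, port, proto} low bounds, high bounds, action. */
const struct rule sample[] = {
    {{0x0A000000, 0, 80, 6}, {0x0A0000FF, 0xFFFFFFFF, 80, 6}, DENY},
    {{0x0A000005, 0, 80, 6}, {0x0A000005, 0xFFFFFFFF, 80, 6}, ACCEPT},
    {{0x0A000000, 0, 80, 6}, {0x0A0000FF, 0xFFFFFFFF, 80, 6}, DENY},
    {{0, 0xC0A80100, 80, 6}, {0xFFFFFFFF, 0xC0A801FF, 80, 6}, ACCEPT},
    {{0xAC100000, 0, 22, 6}, {0xAC1000FF, 0xFFFFFFFF, 22, 6}, DENY},
};

int main(void) {
    int c[NTYPES], n = detect(sample, 5, c);
    printf("%d anomalies: shadowing=%d redundancy=%d generalization=%d correlation=%d\n", n, c[SHADOWING], c[REDUNDANCY], c[GENERALIZATION], c[CORRELATION]);
    return 0;
}
```

Every pair of rules is compared, so the cost grows quadratically with the rule count, which is the cost the tree-based algorithms in the thesis aim to reduce.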