閱讀全文 | |
篇名 |
Towards a Usable Anomaly Diagnosis System among Internet Firewalls’ Rules
|
---|---|
並列篇名 | Towards a Usable Anomaly Diagnosis System among Internet Firewalls’ Rules |
作者 | Chi-Shih Chao、Stephen J.H. Yang |
英文摘要 | While configuring firewalls, firewall rule editing, ordering, and distribution must be done with extreme caution on each of cooperative firewalls. However, network operators are prone to incorrectly configuring firewalls because commonly there are hundreds of thousands of filtering rules (i.e., rules in the Access Control List file; or ACL for short) which could be set up in a firewall, not mention these rules among firewalls can affect mutually. To complete the crucial but laboring inspection of rule configuration on firewalls effectively and efficiently, this paper describes two of our developed diagnosis mechanisms which can speedily discover rule anomalies within/among firewalls with two innovative data structures – Rule Anomaly Relationship tree (RAR tree) and Adaptive RAR tree (ARAR tree). With the assistance of these data structures and associated algorithms, two of our developed mechanisms show significant improvements on system performance and scalability in rule anomaly diagnosis for Internet firewalls. |
起訖頁 | 789-800 |
關鍵詞 | Defense in depth、Firewall rule anomalies、RAR tree、ARAR tree、Diagnosis reuse |
刊名 | 網際網路技術學刊 |
期數 | 201905 (20:3期) |
出版單位 | 台灣學術網路管理委員會 |
DOI |
|
QR Code | |
該期刊 上一篇
| Optimizing Cross Domain Sentiment Analysis Using Hidden Markov Continual Progression |
該期刊 下一篇
| A (k, p)-anonymity Framework to Sanitize Transactional Database with Personalized Sensitivity |