| 一种基于SFDD的状态防火墙规则集比对方法 |
| |
| 引用本文: | 秦拯,厉怡君,欧露,Alex X. Liu.一种基于SFDD的状态防火墙规则集比对方法[J].湖南大学学报(自然科学版),2014,41(10):103-107. |
| |
| 作者姓名: | 秦拯 厉怡君 欧露 Alex X. Liu |
| |
| 作者单位: | 1. 湖南大学 信息科学与工程学院,湖南 长沙,410082
2. 密歇根州立大学 计算机科学与工程系,密歇根 兰西 48824-1266 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 状态防火墙是一种新型防火墙,而传统防火墙决策图(FDD)构造算法并不适用于状态防火墙的规则集比对.本文在FDD基础上,提出一种状态防火墙决策图(SFDD)构造算法,将规则集转化成图形化的等价的SFDD,用于状态防火墙规则集比对.理论分析和仿真实验结果表明,利用SFDD构造算法进行比对,能有效检测出规则集之间的全部不同点;当状态防火墙的状态部分规则和无状态部分规则条目数量均达到3 000时,比对过程所耗费的平均时间不超过2s.
|
| 关 键 词: | 网络安全 防火墙规则 访问控制 |
A New Approach to Compare Stateful Firewall Rule Set Based on SFDD |
| |
| QIN Zheng
,
LI Yi-j un
,
OU Lu
,
Alex XLiu.A New Approach to Compare Stateful Firewall Rule Set Based on SFDD[J].Journal of Hunan University(Naturnal Science),2014,41(10):103-107. |
| |
| Authors: | QIN Zheng LI Yi-j un OU Lu Alex XLiu |
| |
| Institution: | QIN Zheng;LI Yi-jun;OU Lu;Alex X.Liu;School of Information Science and Engineering,Hunan Univ;Dept of Computer Science and Engineering,Michigan State Univ,East Lansing,MI 48824-1266,USA; |
| |
| Abstract: | The stateful firewall is a new type of firewall, and the traditional firewall decision diagrams (FDD) construction algorithm does not apply to stateful firewall rule set. This paper presented a stateful firewall decision diagrams (SFDD) construction algorithm, which transforms the stateful firewall ACLs into equivalent stateful firewall decision diagrams, and is applied to the stateful firewall rule set comparison. Theoretical analysis and simulation results have shown that the method can effectively detect all the differences between the rule sets. And when the number of rules for both the stateful and stateless section is 3000, the time cost is less than 2 s. |
| |
| Keywords: | network security firewall rules access control |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《湖南大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《湖南大学学报(自然科学版)》下载免费的PDF全文 |
|
