An Adaptive RAR Tree-Based Diagnosis System for Rule Anomalies and Behavior Mismatching among Network Firewalls

Master's === Feng Chia University === Department of Communications Engineering === 102 === A firewall is one of the premier devices of the current Internet, protecting the entire network against attacks or threats. When configuring firewalls, the rule configuration has to conform to (be consistent with) the demands of the network security po...


Bibliographic Details
Main Author: 邱振添
Other Authors: 趙啟時
Format: Others
Language: zh-TW
Published: 2014
Online Access: http://ndltd.ncl.edu.tw/handle/yrzz9y
id ndltd-TW-102FCU05650005
record_format oai_dc
spelling ndltd-TW-102FCU05650005 2019-05-15T21:13:38Z http://ndltd.ncl.edu.tw/handle/yrzz9y An Adaptive RAR Tree-Based Diagnosis System for Rule Anomalies and Behavior Mismatching among Network Firewalls 以自適性異常關係樹為基底之防火牆規則異常與行為異常診斷系統 邱振添 Master's, Feng Chia University, Department of Communications Engineering, 102

A firewall is one of the premier devices of the current Internet, protecting the entire network against attacks or threats. When configuring firewalls, the rule configuration has to conform to (be consistent with) the demands of the network security policies so that network security is not flawed. Accordingly, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperative firewalls, especially in a large-scale network equipped with multiple firewalls. Nevertheless, network operators are prone to configuring firewalls incorrectly because there are typically thousands or hundreds of thousands of filtering/admission rules (i.e., rules in the Access Control List file, or ACL for short) that could be set up in a firewall, not to mention that rules on different firewalls affect one another, which can make matters worse. In this situation, network operators would hardly know of their misconfiguration until the network behaves contrary to expectations. Based on the “Adaptive Rule Anomaly Relation Tree (Adaptive RAR)”, this thesis speeds up the system so that it detects these anomalies in reasonable time, and balances the cost and efficiency of online security analysis. It uses the geometric correlation of firewall rules and constructs an Adaptive RAR tree-based data structure that reuses local diagnosis results to diagnose anomalies among firewalls. It can reduce the time or space consumed by rule comparison when the number of firewalls, rules and rule conditions becomes huge. It protects the firewall system from accidents and achieves defense in depth.

趙啟時 2014 Degree thesis ; thesis 56 zh-TW
collection NDLTD