| 防火墙过滤规则的建模和全面优化 |
| |
| 引用本文: | 张翼,张勇,汪为农.防火墙过滤规则的建模和全面优化[J].计算机工程与应用,2006,42(6):146-150. |
| |
| 作者姓名: | 张翼 张勇 汪为农 |
| |
| 作者单位: | 上海交通大学网络信息中心,上海,200122 |
| |
| 摘 要: | 防火墙的管理在今天的企业网络环境中是一个复杂和易出错的任务,网络管理员不能仅仅依靠自己的经验和知识来配置防火墙,而必须使用有效的工具和技术,在系统的方法学的指导下来完成。论文采用几何技术对防火墙的配置进行建模,每个过滤规则被映射为多维空间中的一个几何体,从而使得防火墙的配置可视化和易于理解。该方法可以对防火墙的现有规则库进行彻底的重写,从而实现全面的优化。另外,该文还将通常定义在两个规则之间的规则冲突的概念和分类扩展到多个规则之间。
|
| 关 键 词: | 过滤规则 规则冲突 空间几何体 规则重写 规则优化 平均检索长度 |
| 文章编号: | 1002-8331-(2006)06-0146-05 |
| 收稿时间: | 2005-05 |
| 修稿时间: | 2005-05 |
Modelling and Complete Rewritten of Firewall Filtering Rules Using Geometry Technique |
| |
| Zhang Yi,Zhang Yong,Wang Weinong.Modelling and Complete Rewritten of Firewall Filtering Rules Using Geometry Technique[J].Computer Engineering and Applications,2006,42(6):146-150. |
| |
| Authors: | Zhang Yi Zhang Yong Wang Weinong |
| |
| Affiliation: | Network Information Center,Shanghai Jiaotong University,Shanghai 200122 |
| |
| Abstract: | The management of firewalls in today’s enterprise network environment is a complex and error-prone task.Effective techniques and tools for administrating the firewall configurations must be available to network administrators so that they can fulfill their responsibilities under the guide of a systematic methodology,not just based on their experiences.In this paper,we present such a technique by using the geometry technology to model the firewall configurations.Each filtering rule is mapped onto a hyperspace object in a 3-dimensional hyperspace.The semantics of a firewall’s configuration could then be visually comprehensible.Our approach enables a complete rewritten of a firewall’s legacy rules.Moreover,the concept of rule anomaly/conflict that is usually defined between two rules is extended to rule anomaly/conflict among two or more rules and can be identified easily in our model. |
| |
| Keywords: | filtering rule rule anomaly hyperspace object rule rewritten average searching length traffic statistics |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
