基于时间的多层防火墙访问控制列表策略审计方案

针对多层防火墙中的访问控制列表（ACL）策略审计问题，基于时间分析了单个防火墙间及多层防火墙间的策略异常，并根据防火墙之间的拓扑结构提出了一种基于树结构的回溯异常检测算法（ADBA）。首先，解析各个防火墙ACL策略，统一数据格式到数据库；然后，根据防火墙间的拓扑建立树状结构并检测单个防火墙内的策略异常；最后，ADBA利用数据库中的数据与树结构进行异常检测并记录异常策略。实验结果表明，ADBA与基于半同构标记防火墙决策图（SMFDD）算法相比，ADBA的检测时间比SMFDD算法减少了28.01%，同时参考时间因素相比SMFDD算法，ADBA能够减少异常检测的误判。故ADBA能有效实施于多层防火墙的ACL策略审计，提高异常检测的精确性并减少异常检测时间。

Time-based strategy audit scheme of access control list in multi-layer firewall

To solve the Access Control List (ACL) strategic audit problem in multi-layer firewalls, the policy anomalies in single firewall and between multi-layer firewalls were analyzed based on time. Then the Anomaly Detection based on Backtracking Algorithm (ADBA) was proposed by constructing the tree structure according to the topology of firewalls. First, the ACL policy of each firewall was analyzed and the data format was unified to the database. Second, the tree structure of firewall was built based on the topology of the firewall and the anomaly would be detected in a single firewall. Finally, the data in the database and the tree structure was used in ADBA to detect and record the abnormal strategy. The experimental results show that compared with the Semi-isomorphic Marked Firewall Decision Diagram (SMFDD) algorithm, the proposed ADBA can reduce the execution time of anomaly detection by 28.01% and reduce the miscalculation of anomaly detection according to the time factor. The ADBA can be implemented effectively at multi-layer firewalls ACL audit to improve detection accuracy and reduce detection time.