• DocumentCode
    36524
  • Title
    Modeling and global conflict analysis of firewall policy
  • Author
    Xiaoyan Liang ; Chunhe Xia ; Jian Jiao ; Junshun Hu ; Xiaojian Li
  • Author_Institution
    Beijing Key Lab. of Network Technol., Beihang Univ., Beijing, China
  • Volume
    11
  • Issue
    5
  • fYear
    2014
  • fDate
    May-14
  • Firstpage
    124
  • Lastpage
    135
  • Abstract
    The global view of firewall policy conflict is important for administrators to optimize the policy. Appropriate global conflict analysis of firewall policy has been lacking; existing methods focus on local conflict detection. We research the global conflict detection algorithm in this paper. We present a semantic model that captures more complete classifications of the policy using the knowledge concept in rough sets. Based on this model, we present the global conflict formal model and represent it with an OBDD (Ordered Binary Decision Diagram). We then develop the GFPCDA (Global Firewall Policy Conflict Detection Algorithm) to detect global conflicts. In the experiments, we evaluate the usability of our semantic model by eliminating the false positives and false negatives of a classical algorithm that are caused by an incomplete policy semantic model. We compare this algorithm with GFPCDA. The results show that GFPCDA detects conflicts more precisely and independently, and has better performance.
  • Keywords
    binary decision diagrams; firewalls; pattern classification; rough set theory; GFPCDA algorithm; OBDD; firewall policy classification; firewall policy global conflict analysis; global conflict detection algorithm; global firewall policy conflict detection algorithm; knowledge concept; local conflict detection; ordered binary decision diagram; rough set; semantic model; semantic model usability; Algorithm design and analysis; Analytical models; Classification algorithms; Detection algorithms; Firewalls (computing); Semantics; conflict analysis; conflict detection; firewall policy; semantic model;
  • fLanguage
    English
  • Journal_Title
    Communications, China
  • Publisher
    IEEE
  • ISSN
    1673-5447
  • Type
    jour
  • DOI
    10.1109/CC.2014.6880468
  • Filename
    6880468