Title :
Research on the Anomaly Discovering Algorithm of the Packet Filtering Rule Sets
Author :
Chen, Zhe ; Guo, Shize ; Duan, Rong
Author_Institution :
Inst. of North Electron. Equip., Beijing, China
Abstract :
Rule-based vulnerability analysis plays an important role in Internet security. Many security devices, such as firewalls and intrusion detection systems, are built on packet filtering, and the filtering rules are its foundation. Both the consistency between the rules and the security policy and the validity of the rule configuration matter, so the anomalies in a rule set, which can undermine the security policy, must be detected and located. In this paper we use set theory to study formally the checking of packet filtering rules. Starting from formal definitions of a packet, of a rule, and of the five kinds of anomaly that can exist between two given rules, the paper proposes a rule set anomaly discovering algorithm, ADPS, which analyses the relationship between two rules and precisely locates the anomalous rules. The paper also analyses the influence on the security policy of relationships among multiple rules and defines the anomalies arising from them.
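The set-theoretic view the abstract describes can be made concrete with a pairwise check over an ordered, first-match rule list. The following is an added illustration written for this record, not the ADPS algorithm or any code from the paper: each rule's match space is the Cartesian product of its field sets, so the relation between two rules (disjoint, equal, subset, superset, partial overlap) follows from the per-field relations. The anomaly labels it assigns (shadowed, redundant, generalization, correlated) and the rule fields (protocol, source, destination, destination port) are this example's own assumptions; the paper's five anomaly kinds are not reproduced here. The rule set and the test packet are constructed.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum

# Constructed example: a rule is the Cartesian product of its field sets,
# so set relations between rules follow from the per-field relations.
# Not the paper's ADPS; labels below are this example's assumptions.


class Rel(Enum):
    DISJOINT = "disjoint"
    EQUAL = "equal"
    SUBSET = "subset"      # first operand strictly inside the second
    SUPERSET = "superset"  # first operand strictly contains the second
    PARTIAL = "partial"    # overlap, neither contains the other


def interval_rel(a, b):
    """Relation between two inclusive integer intervals (lo, hi), e.g. port ranges."""
    if a[1] < b[0] or b[1] < a[0]:
        return Rel.DISJOINT
    if a == b:
        return Rel.EQUAL
    if b[0] <= a[0] and a[1] <= b[1]:
        return Rel.SUBSET
    if a[0] <= b[0] and b[1] <= a[1]:
        return Rel.SUPERSET
    return Rel.PARTIAL


def net_rel(a, b):
    """Relation between two IPv4 prefixes: prefixes either nest or are disjoint."""
    if a == b:
        return Rel.EQUAL
    if a.subnet_of(b):
        return Rel.SUBSET
    if b.subnet_of(a):
        return Rel.SUPERSET
    return Rel.DISJOINT


def set_rel(a, b):
    """Relation between two finite sets, used here for the protocol field."""
    if not (a & b):
        return Rel.DISJOINT
    if a == b:
        return Rel.EQUAL
    if a < b:
        return Rel.SUBSET
    if a > b:
        return Rel.SUPERSET
    return Rel.PARTIAL


@dataclass(frozen=True)
class Rule:
    name: str
    proto: frozenset              # e.g. frozenset({"tcp"})
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple                  # inclusive (lo, hi)
    action: str                   # "accept" or "deny"


def rule_rel(a, b):
    """Set relation between the packet sets matched by rules a and b.

    A product of sets is contained in another iff every factor is contained,
    and two products are disjoint iff at least one factor pair is disjoint.
    """
    rels = [
        set_rel(a.proto, b.proto),
        net_rel(a.src, b.src),
        net_rel(a.dst, b.dst),
        interval_rel(a.dport, b.dport),
    ]
    if Rel.DISJOINT in rels:
        return Rel.DISJOINT
    if all(r == Rel.EQUAL for r in rels):
        return Rel.EQUAL
    if all(r in (Rel.EQUAL, Rel.SUBSET) for r in rels):
        return Rel.SUBSET
    if all(r in (Rel.EQUAL, Rel.SUPERSET) for r in rels):
        return Rel.SUPERSET
    return Rel.PARTIAL


def pairwise_anomalies(rules):
    """Flag each (earlier, later) pair whose overlap matters under first-match.

    Returns (earlier_name, later_name, label) triples. The labels are this
    example's own, not the paper's five anomaly kinds.
    """
    findings = []
    for i, earlier in enumerate(rules):
        for later in rules[i + 1:]:
            rel = rule_rel(later, earlier)
            same = later.action == earlier.action
            if rel in (Rel.SUBSET, Rel.EQUAL):
                # every packet the later rule could match is already decided
                label = "redundant" if same else "shadowed"
            elif rel == Rel.SUPERSET and not same:
                label = "generalization"   # earlier rule is a narrower exception
            elif rel == Rel.PARTIAL and not same:
                label = "correlated"       # the overlap is decided by rule order
            else:
                continue
            findings.append((earlier.name, later.name, label))
    return findings


def decide(rules, proto, src, dst, dport, default="deny"):
    """First-match evaluation of a single packet; returns (rule name, action)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (proto in r.proto and src in r.src and dst in r.dst
                and r.dport[0] <= dport <= r.dport[1]):
            return r.name, r.action
    return None, default


# Constructed rule set (hypothetical addresses from a documentation range).
N = ipaddress.ip_network
TCP = frozenset({"tcp"})
SAMPLE_RULES = [
    Rule("r1", TCP, N("10.1.0.0/16"), N("192.0.2.10/32"), (80, 80), "deny"),
    Rule("r2", TCP, N("10.1.1.0/24"), N("192.0.2.10/32"), (80, 80), "accept"),
    Rule("r3", TCP, N("10.1.0.0/16"), N("192.0.2.0/24"), (80, 80), "accept"),
    Rule("r4", TCP, N("10.2.0.0/16"), N("192.0.2.0/24"), (1, 1023), "accept"),
    Rule("r5", TCP, N("0.0.0.0/0"), N("192.0.2.0/24"), (443, 443), "deny"),
]

if __name__ == "__main__":
    for finding in pairwise_anomalies(SAMPLE_RULES):
        print(finding)
    print(decide(SAMPLE_RULES, "tcp", "10.1.1.5", "192.0.2.10", 80))
```

On the constructed set, r2 is reported as shadowed by r1 (its whole match space is a subset of r1's with the opposite action, so a packet from 10.1.1.5 to 192.0.2.10:80 is denied by r1 and r2 never fires), r3 is a generalization of r1, and r4/r5 are correlated because only the rule order decides TCP/443 traffic from 10.2.0.0/16. As the abstract notes, a pairwise check like this is only the first step: whether an earlier rule is actually redundant can depend on other rules between the pair.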
Keywords :
Internet; authorisation; computer network security; data mining; knowledge based systems; set theory; Internet security; anomaly discovering algorithm; firewalls system; intrusion detection system; packet filtering rule set; security policy; vulnerability analysis; Algorithm design and analysis; Filtering; Fires; IP networks; Protocols; Security; anomaly detecting algorithm; packet sets; rule set; rules anomaly;
Conference_Titel :
Pervasive Computing Signal Processing and Applications (PCSPA), 2010 First International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4244-8043-2
Electronic_ISBN :
978-0-7695-4180-8
DOI :
10.1109/PCSPA.2010.94