Research on the Anomaly Discovering Algorithm of the Packet Filtering Rule Sets

The vulnerability analysis based on rule is playing an important role in the internet security. Many security devices such as firewalls and intrusion detection systems work on the packet filtering system of which rules are the bases. The consistency of the rules and security policies as well as the validity of the regulation configure are of importance. Thus we must check and find out the rule´s anomaly in the set of the rules, which can influence the security policies. In this paper, we use the set theory to deeply research the checking technology of the rules to packet filtering system formally. On the basis of the formal definitions of packet, the rule and the five kinds of rule anomaly existed between two special rules, the paper proposes a rule sets anomaly discovering algorithm named ADPS which analyses the relationships between two rules and can precisely locate the anomaly of the rules. The paper also analyzes the influence to security policy caused by relationships among multiple rules and defines the anomaly of them.