Dynamic Update of Firewall Policy Based on MFDT

Author

Chen, Wenhui ; Wang, WeiPing ; Li, Zhepeng ; Chen, Huaping

Author_Institution

Sch. of Manage., Univ. of Sci. & Technol. of China, Hefei

Volume

fYear

2006

fDate

3-6 Nov. 2006

Firstpage

1117

Lastpage

1120

Abstract

To improve the filtering speed of firewall, researchers have proposed many expression tools for firewall policy. However, these tools share a limitation: not compatible with dynamic updating of firewall policy. Therefore, this paper suggests marked firewall decision trees (MFDT) model. MFDT can handle not only the package filtering but also dynamically response to the updating of original policies. First of all, it is given the definition of MFDT. For three situation of policy change: adding, modifying and deleting of rules, corresponding updating algorithms of MFDT are given. In the end, MFDT´s integrality and complexity are proved

Keywords

authorisation; decision trees; MFDT model; dynamic update; firewall filtering speed; firewall policy; marked firewall decision trees; package filtering; Binary decision diagrams; Boolean functions; Data structures; Decision trees; Filtering; Matched filters; Nonlinear filters; Packaging; Technology management; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence and Security, 2006 International Conference on

Conference_Location

Guangzhou

Print_ISBN

1-4244-0605-6

Electronic_ISBN

1-4244-0605-6

Type

conf

DOI

10.1109/ICCIAS.2006.295436

Filename

4076132

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3316492