A bit vector-based diagnosis mechanism for firewall rule anomalies in IPv6 networking environment

Firewalls are what some consider to be the most essential devices which can safeguard networks. Misconfigurations of firewall rules often lead to rule anomalies which can be easily used by network attacks to paralyze the managed network. However, finding such rule anomalies is no easy task due to its time-consuming, laboring, strenuous characteristics. What’s worse is, with the massive and increasing deployment of IPv6 in the current Internet, anomaly diagnosis for firewall rules becomes even harder. In this paper, a bit vector-based anomaly diagnosis approach is proposed and realized where it can pinpoint anomalies among IPv6 firewall rules not only effectively, but also much more efficiently and more easily. As a result, a visualized platform for our IPv6 firewall rule anomaly diagnosis has been implemented and comprehensive performance evaluations on anomaly diagnosis have been conducted also, in which our developed approach shows its excellence and feasibility.