Abstract
When configuring firewalls, rule editing, ordering, and distribution must be done with extreme caution on each of the cooperative firewalls. However, network operators are prone to configuring firewalls incorrectly, because a firewall commonly holds hundreds of thousands of filtering rules (i.e., rules in the Access Control List file, or ACL for short), not to mention that the rules on different firewalls can affect one another. To complete the crucial but laborious inspection of firewall rule configuration effectively and efficiently, this paper describes two diagnosis mechanisms we developed that can speedily discover rule anomalies within and among firewalls using two innovative data structures: the Rule Anomaly Relationship tree (RAR tree) and the Adaptive RAR tree (ARAR tree). With the assistance of these data structures and their associated algorithms, the two mechanisms show significant improvements in system performance and scalability for rule anomaly diagnosis on Internet firewalls.
Original language | English |
---|---|
Pages (from - to) | 789-799 |
Number of pages | 11 |
Journal | Journal of Internet Technology |
Volume | 20 |
Issue number | 3 |
Publication status | Published - 2019 |