Towards a usable anomaly diagnosis system among internet firewalls’ rules

Chi Shih Chao, Stephen J.H. Yang

研究成果: 雜誌貢獻期刊論文同行評審

2 引文 斯高帕斯(Scopus)


While configuring firewalls, firewall rule editing, ordering, and distribution must be done with extreme caution on each of cooperative firewalls. However, network operators are prone to incorrectly configuring firewalls because commonly there are hundreds of thousands of filtering rules (i.e., rules in the Access Control List file; or ACL for short) which could be set up in a firewall, not mention these rules among firewalls can affect mutually. To complete the crucial but laboring inspection of rule configuration on firewalls effectively and efficiently, this paper describes two of our developed diagnosis mechanisms which can speedily discover rule anomalies within/among firewalls with two innovative data structures – Rule Anomaly Relationship tree (RAR tree) and Adaptive RAR tree (ARAR tree). With the assistance of these data structures and associated algorithms, two of our developed mechanisms show significant improvements on system performance and scalability in rule anomaly diagnosis for Internet firewalls.

頁(從 - 到)789-799
期刊Journal of Internet Technology
出版狀態已出版 - 2019


深入研究「Towards a usable anomaly diagnosis system among internet firewalls’ rules」主題。共同形成了獨特的指紋。