A Distributed Firewall Rules Validity Detection Algorithm
Abstract: This paper defines a Structured Query Sentence, formally describes the query process, and proposes a distributed firewall rules validity detection algorithm based on logical operations between semi-isomorphic firewall decision diagrams (SFDDs). While preserving the completeness, consistency, and compactness of the original rules, the algorithm eliminates anomalies among the rules within an individual firewall and keeps the semantics of the original rules unchanged. Simulation results show that the algorithm checks rules quickly and effectively and achieves a significant improvement in rule validity detection.