Fast and scalable method for resolving anomalies in firewall policies

In this paper, we investigate the problem of improving the performance and scalability of large firewall policies that comprise thousands of rules by detecting and resolving any potential conflicts among them. We present a novel, highly scalable data structure that requires O(n) space where n is the number of rules in the policy to represent the dependency among rules. After that, we describe a practical heuristic that utilizes our data structure to find conflicting rules, and consequently find an optimal ordering of consistent ones. Our algorithm has time complexity O(n² log n), making it the fastest to-date known algorithm for firewall rule anomaly dis- covery and resolution. We validate the practicality of our algorithm through real-life firewall policies and synthetic firewall policies of large data. Performance results show that our heuristic algorithm achieves from 40% to 87% improvement in the number of comparisons overhead, comparatively with the original policies.