Title :
Efficient Algorithm for Detecting Firewall Rule Conflict
Author :
Xu Yan ; Wei Zhaoxia ; Tang Qingrong
Author_Institution :
Dept. of Microelectron. Technol., CDUESTC, Chengdu, China
Abstract :
Conflict detection algorithm in the traditional firewall rules, increase when the number of firewall rules to a certain extent, the probability of conflict will increase, which will match the packets cause miscarriage of justice. In order to be able to quickly detect firewall rules in the conflict, this paper presents an improved rule of conflict detection algorithms (DBBV algorithm). The algorithm processes the rules on conflict detection using binary tree data structure, and one-dimensional intersection operation after operation, makes rules simpler to detect. Expression of flexibility in the rules, not due to a redundant operation, resulting in high time complexity. Through the analysis of algorithms, and verified by experiment, the algorithm efficiency significantly higher than traditional ASBV algorithm of conflict detection.
Keywords :
firewalls; tree data structures; DBBV algorithm; binary tree data structure; conflict probability; firewall rule conflict detection; one-dimensional intersection operation; time complexity; Algorithm design and analysis; Binary trees; Classification algorithms; Detection algorithms; Time complexity; Vectors; DBBV algorithm; firewall rule conflict; the bit vector;
Conference_Titel :
Intelligent Networking and Collaborative Systems (INCoS), 2013 5th International Conference on
Conference_Location :
Xi´an
DOI :
10.1109/INCoS.2013.63
