首页    期刊浏览 2024年11月23日 星期六
登录注册

文章基本信息

  • 标题:A Mapping Mechanism for Periodic Filters in a Conflict Detection System for Time-Based Firewall Policies
  • 本地全文:下载
  • 作者:Subana Thanasegaran ; Yuichiro Tateiwa ; Yoshiaki Katayama
  • 期刊名称:International Journal of Computer Science and Network Security
  • 印刷版ISSN:1738-7906
  • 出版年度:2012
  • 卷号:12
  • 期号:4
  • 页码:29-36
  • 出版社:International Journal of Computer Science and Network Security
  • 摘要:Recently, time-based filters are introduced in several practical firewalls like CISCO ACLs and LINUX Iptables to control network traffic in time. It is very handy when a service is required to be available at certain times of a day or at certain days. However, network administrators struggle to maintain time-based firewall policies due to their high-complexity. Conflict is a misconfiguration that occurs when a packet matches two or more filters. It makes the filters either redundant or shadowed, and as a result the network does not reflect the actual configurations of the time-based firewall policies. Even though, conflict detection techniques for time-based filters have been proposed, it takes huge computation time and memory when the conflict detection period is too long due to the enormous repetition of periodic time-based filters. To solve this problem, we have proposed a mapping mechanism to treat the periodic filters and remove the unnecessary repetitions of the periodic filters which reduces the huge computation time and memory. Furthermore, we have evaluated the feasibility and the usefulness of the proposed system by carrying out experiments with the available conflict detection systems with various time-based firewall policies, and have proved the effectiveness of the mapping mechanism.
  • 关键词:time-based rules; periodic filters; mis-configuration; time scheduling
国家哲学社会科学文献中心版权所有