首页    期刊浏览 2024年11月27日 星期三
登录注册

文章基本信息

  • 标题:A Mapping Mechanism for Periodic Filters in a Conflict Detection System for Time-Based Firewall Policies
  • 作者:Subana Thanasegaran ; Yuichiro Tateiwa ; Yoshiaki Katayama
  • 期刊名称:International Journal of Computer Science and Network Security
  • 印刷版ISSN:1738-7906
  • 出版年度:2012
  • 卷号:12
  • 期号:3
  • 页码:108-115
  • 出版社:International Journal of Computer Science and Network Security
  • 摘要:Recently, time-based filters are introduced in several practical firewalls like CISCO ACLs and LINUX Iptables to control network traffic in time. It is very handy when a service is required to be available at certain times of a day or at certain days. However, network administrators struggle to maintain time-based firewall policies due to their high-complexity. Conflict is a misconfiguration that occurs when a packet matches two or more filters. It makes the filters either redundant or shadowed, and as a result the network does not reflect the actual configurations of the time-based firewall policies. Even though, conflict detection techniques for time-based filters have been proposed, it takes huge computation time and memory when the conflict detection period is too long due to the enormous repetition of periodic time-based filters. To solve this problem, we have proposed a mapping mechanism to treat the periodic filters and remove the unnecessary repetitions of the periodic filters which reduces the huge computation time and memory. Furthermore, we have evaluated the feasibility and the usefulness of the proposed system by carrying out experiments with the available conflict detection systems with various time-based firewall policies, and have proved the effectiveness of the mapping mechanism.
  • 关键词:time-based rules; periodic filters; mis-configuration; time scheduling
Loading...
联系我们|关于我们|网站声明
国家哲学社会科学文献中心版权所有