基于时间的多层防火墙访问控制列表策略审计方案

发布时间：2018-01-26 17:33

本文关键词： 多层防火墙防火墙规则异常检测访问控制列表审计　出处：《计算机应用》2017年01期 　论文类型：期刊论文

【摘要】：针对多层防火墙中的访问控制列表(ACL)策略审计问题,基于时间分析了单个防火墙间及多层防火墙间的策略异常,并根据防火墙之间的拓扑结构提出了一种基于树结构的回溯异常检测算法(ADBA)。首先,解析各个防火墙ACL策略,统一数据格式到数据库;然后,根据防火墙间的拓扑建立树状结构并检测单个防火墙内的策略异常;最后,ADBA利用数据库中的数据与树结构进行异常检测并记录异常策略。实验结果表明,ADBA与基于半同构标记防火墙决策图(SMFDD)算法相比,ADBA的检测时间比SMFDD算法减少了28.01%,同时参考时间因素相比SMFDD算法,ADBA能够减少异常检测的误判。故ADBA能有效实施于多层防火墙的ACL策略审计,提高异常检测的精确性并减少异常检测时间。
[Abstract]:According to the multi-layer firewall access control list (ACL) audit strategy, time analysis of single and multi-layer firewall firewall strategy between abnormal based on topological structure and according to the firewall between a tree structure anomaly detection algorithm based on Backtracking (ADBA). First of all, resolve the various ACL firewall strategy, unified data format to the database; then, based on the topology of the firewall between the tree structure and establish the strategy of detecting single firewall anomaly; finally, using the ADBA data and the tree structure in the database for anomaly detection and record abnormal strategy. The experimental results show that ADBA and firewall decision diagrams based on semi isomorphic marker (SMFDD) algorithm, the detection time of ADBA 28.01% less than the SMFDD algorithm, and the reference time factors compared to SMFDD algorithm, ADBA can reduce the abnormal detection of misjudgment. So ADBA can effectively implement in multilayer The ACL policy audit of the firewall improves the accuracy of the exception detection and reduces the abnormal detection time.

【作者单位】：国家电网安徽省电力公司;中国科学技术大学计算机科学与技术学院;
【基金】：国家自然科学基金资助项目(61672485,61379130)~~
【分类号】：TP393.08
【正文快照】： 0引言防火墙作为企业的网络基石,它是连接着内部网络与外部网络之间的网络安全系统,其中最重要的管理任务是配置正确的防火墙和安全规则[1]。然而由于防火墙的访问控制列表(Access Control List,ACL)策略可能包含大量的规则,规则间可能存在冲突导致规则的顺序敏感性,即对同

【相似文献】