
Firewall rule set optimization method based on rule matching hit rate and distribution variance

An optimization method and technology based on distribution variance, applied to electrical components, transmission systems, etc., that solves problems such as poor compatibility and poor flexibility and achieves good optimization effects and good flexibility.

Active Publication Date: 2018-08-28
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0013] The purpose of the present invention is to improve the matching efficiency of firewall data packets and to solve the poor flexibility and poor compatibility of existing methods by proposing a firewall rule set optimization method based on rule matching hit frequency and hit time distribution variance.


Embodiment Construction

[0033] In order to better illustrate the purpose and advantages of the present invention, the implementation of the method of the present invention will be further described in detail below in conjunction with examples.

[0034] The specific process is:

[0035] Step 1, preprocessing the firewall rule set.

[0036] Step 1.1: the exceptions of the firewall rule set are divided into four categories: shielding exceptions, crossing exceptions, redundancy exceptions and inclusion exceptions. Rules exhibiting each of these four kinds of exception are processed separately, yielding the minimal firewall rule set with the same function as the original rule set.

[0037] Step 1.2: firewall rules are merged. After exception handling of the firewall rule set, the result is a rule set with no exceptions in which all rules are unrelated to one another. Generally, network data packets belong to a certain service, and a service can be determined by the protocol type, source port, and destination port. There...


Abstract

The invention relates to a firewall rule set optimization method based on rule matching hit rate and distribution variance, belonging to the technical field of computer and information science. The method comprises the following steps. First, the firewall's initial rule set is preprocessed; preprocessing comprises rule set exception detection, exception processing and rule combination, and yields a simplest firewall rule set without exceptional rules. Then, firewall logs over a period of time are collected in real time and the rule weight is calculated from the firewall log information; rule weight calculation is divided into three parts: rule hit frequency statistics, rule hit time distribution statistics, and a rule weight value calculated from these two statistics. Finally, the firewall rule set is reordered according to the calculated rule weight values, with rules of relatively higher weight placed at positions of higher priority. Compared with conventional firewall rule set optimization methods, the method provided by the invention has a better optimization effect, enables a firewall to keep a relatively high data packet filtering rate, and has relatively good flexibility and portability.
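As an added illustration of the weighting and reordering steps described in the abstract (not code from the patent): the page does not give the weight formula, so the one used below, hit frequency discounted by normalised hit-time variance, is an assumption, as are the log record format, the 60-second buckets and the rule ids.

```python
import statistics

WINDOW = 60      # seconds per time bucket (assumed)
N_WINDOWS = 4    # length of the collection period in buckets (assumed, must be > 1)
RULES = ["r1", "r2", "r3", "r4"]   # current priority order (constructed)

# Constructed log records: (seconds since collection started, id of the rule that matched)
LOG = sorted(
    [(t, "r1") for t in (3, 9)]                          # rarely hit
    + [(125 + t, "r2") for t in range(8)]                # one burst in bucket 2
    + [(w * WINDOW + s, "r3") for w in range(N_WINDOWS) for s in (10, 40)]  # steady
)                                                        # r4 is never hit

def rule_stats(log, rules, window=WINDOW, n=N_WINDOWS):
    """Return {rule: (hit frequency, normalised variance of hits over time)}."""
    buckets = {r: [0] * n for r in rules}
    for ts, rule in log:
        if rule in buckets:                  # ignore hits on rules outside the set
            buckets[rule][min(int(ts // window), n - 1)] += 1
    total = sum(sum(b) for b in buckets.values()) or 1
    max_var = (n - 1) / n ** 2               # variance when every hit falls in one bucket
    stats = {}
    for r, b in buckets.items():
        hits = sum(b)
        # Per-bucket share of this rule's hits, so variance is comparable across rules.
        shares = [c / hits for c in b] if hits else [0.0] * n
        stats[r] = (hits / total, statistics.pvariance(shares) / max_var)
    return stats

def rule_weights(stats, alpha=0.5):
    # ASSUMED formula (not from the patent): frequency discounted by burstiness,
    # with alpha in [0, 1) controlling how strongly uneven hit timing is penalised.
    return {r: f * (1 - alpha * d) for r, (f, d) in stats.items()}

def reorder(rules, weights):
    # Stable sort: rules with equal weight keep their original relative order.
    # Only safe on the preprocessed set, where no two rules match the same packet.
    return sorted(rules, key=lambda r: -weights[r])

if __name__ == "__main__":
    w = rule_weights(rule_stats(LOG, RULES))
    for r in reorder(RULES, w):
        print(r, round(w[r], 4))
```

Here r2 and r3 have the same hit frequency, and only the time-distribution term separates them.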

Description

Technical field

[0001] The invention relates to a firewall rule set optimization method based on rule matching hit rate and distribution variance, and belongs to the technical field of computer and information science.

Background technique

[0002] The firewall is currently one of the most widely used and mainstream network security technologies, and is the first line of defense in the network security system. The security of the firewall largely depends on the configuration of policies, that is, an ordered rule set formed from preset security policies. As network security requirements rise, the complexity of firewall rules continues to increase. Firewall rule sets have strict priorities. In a stable network environment, the filtering efficiency of the rule set will not fluctuate too much. However, the general network environment is constantly changing, and the filtering efficiency of the rule set will also change with As the network ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/02, H04L63/1408, H04L63/1425
Inventor: 罗森林, 张寒青, 潘丽敏, 朱帅, 张笈
Owner: BEIJING INSTITUTE OF TECHNOLOGY