Tree-Based Diagnosis Mechanisms for Rule Anomalies among Internet Firewalls

CHI-SHIH, CHAO (2017) Tree-Based Diagnosis Mechanisms for Rule Anomalies among Internet Firewalls. In: Seventh International Conference On Advances in Computing, Electronics and Electrical Technology - CEET 2017, 01-02 July, 2017, Kuala Lumpur, Malaysia.

20170707_100437.pdf - Published Version



When configuring firewalls, rule ordering and distribution must be handled carefully on each of the cooperating firewalls. However, network operators are prone to misconfiguring firewalls because there are commonly hundreds of thousands of filtering rules (i.e., rules in the Access Control List file, or ACL for short) that could be set up in a firewall, not to mention that the rules on different firewalls can affect one another. To speed up the crucial but laborious inspection of rule configuration on firewalls, this paper describes the diagnosis mechanisms we developed, which quickly identify rule anomalies within and among firewalls using two innovative data structures: the Adaptive Rule Anomaly Relationship tree (ARAR tree) and the Fixed-Stride Trie (FST), respectively. With the aid of these data structures and their associated algorithms, significant improvements in this field have been made.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: defense in depth, firewall rule anomalies, ARAR tree, FST, diagnosis result re-use.
Depositing User: Mr. John Steve
Date Deposited: 11 Mar 2019 11:31
Last Modified: 11 Mar 2019 11:31
