Abstract:
A firewall policy is a sequence of rules, so it is critical to the firewall working well and must be free of conflicts. This paper introduces a description method based on the LE-Trie data structure for detecting firewall policy conflicts. Simulation results show that describing the firewall policy with a rule table stored in an LE-Trie uses less memory than ordinary ones and achieves a higher search speed when detecting conflicts.
Key words:
network security,
firewall policy,
LE-Trie construction,
rule conflicts
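Abstract (translated from Chinese): A firewall policy is a set of specific rules. How the policy is formulated is critical to the firewall performing its function, and the policy must not contain anomalies. To this end, this paper studies a Trie data structure based on lazy expansion, stores the rule table in an LE-Trie structure, and proposes an algorithm for detecting and eliminating conflicts in firewall policies. Simulation results show that, compared with algorithms that use an ordinary Trie structure, this algorithm has higher execution efficiency.
Key words (translated from Chinese):
network security,
firewall policy,
LE-Trie structure,
rule conflicts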
LIANG Jian-Wu, LONG Xiao-Mei, LIU Jun-Jun. Detection Algorithm for Firewall Policy Based on LE-Trie[J]. Computer Engineering, 2010, 36(22): 134-136.
梁建武, 龙晓梅, 刘军军. 基于LE-Trie的防火墙策略检测算法[J]. 计算机工程, 2010, 36(22): 134-136.