Decision tree-based firewall policy conflict detection method

A firewall policy conflict detection technology applied in the field of network security. It addresses problems such as slow detection speed, with the effects of reducing the number of judgments, avoiding policy traversal comparison, and reducing the number of policies.

Active Publication Date: 2016-07-06
STATE GRID CORP OF CHINA +5

AI Technical Summary

Problems solved by technology

[0012] In view of the deficiencies in the prior art, the purpose of the present invention is to provide a firewall policy conflict detection method based on a decision tree, which solves the problem of slow detection speed caused by too many judgment statements in the existing methods.

Embodiment Construction

[0044] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0045] To address the slow detection speed caused by too many judgment statements in the existing method, the embodiment of the present invention builds on the existing method by using a tree structure to store and classify policies. This reduces the number of judgments and avoids traversal comparison of policies. It even makes it possible to detect directly whether a duplicate path exists in the tree, which saves the comparison of obviously conflicting or redundant policies and so achieves faster conflict detection.

[0046] Figure 2 shows the implementation flow of the firewall policy conflict detection method in the embodiment of the present invention. It mainly includes the following steps:

[0047] Step 201, initialize the storage tree; when inser...

Abstract

The invention relates to a decision tree-based firewall policy conflict detection method. The method includes the following steps: decision tree transformation is performed on each rule in a firewall rule set; the rules are stored in a tree data structure; and each policy corresponds to a unique path in the tree. With the technical scheme of the invention, defects in an existing decision tree-based firewall policy conflict detection method can be eliminated, the time complexity of the method can be reduced, and conflict detection efficiency can be greatly improved.
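The idea in the abstract and in paragraph [0045], each policy stored as one path in a tree so that a duplicate path exposes a conflict or redundancy at insert time, can be sketched as follows. This is an added example, not code from the patent: the field order, the `PolicyTree` and `analyse` names, the finding labels and the sample rules are all assumptions, and the CIDR/`any` overlap check goes beyond the exact duplicate-path case the page describes.

```python
import ipaddress

FIELDS = ("proto", "src", "dst", "dport")  # assumed order: one tree level per field

def overlaps(field, a, b):
    # True when two field values can match the same packet
    if "any" in (a, b):
        return True
    if field in ("src", "dst"):
        return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))
    return a == b

class PolicyTree:
    def __init__(self):
        self.root = {}      # nested dicts keyed by field value; leaf = (rule_id, action)
        self.findings = []  # (kind, new_rule_id, existing_rule_id)

    def insert(self, rule_id, rule, action):
        self._check(self.root, 0, rule_id, rule, action, True)
        node = self.root
        for f in FIELDS[:-1]:
            node = node.setdefault(rule[f], {})
        # the first rule on a path keeps it; a later duplicate is reported, not stored
        node.setdefault(rule[FIELDS[-1]], (rule_id, action))

    def _check(self, node, depth, rule_id, rule, action, exact):
        if depth == len(FIELDS):  # reached an existing rule's leaf
            old_id, old_action = node
            kind = "redundant" if old_action == action else "conflict"
            self.findings.append((kind if exact else "overlap-" + kind, rule_id, old_id))
            return
        f = FIELDS[depth]
        for value, child in node.items():  # descend only into branches that can match
            if overlaps(f, value, rule[f]):
                self._check(child, depth + 1, rule_id, rule, action, exact and value == rule[f])

RULES = [  # constructed sample rule set
    (1, {"proto": "tcp", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "dport": "22"}, "allow"),
    (2, {"proto": "tcp", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "dport": "22"}, "deny"),
    (3, {"proto": "tcp", "src": "10.1.0.0/16", "dst": "192.0.2.10/32", "dport": "22"}, "deny"),
    (4, {"proto": "udp", "src": "any", "dst": "192.0.2.53/32", "dport": "53"}, "allow"),
    (5, {"proto": "udp", "src": "any", "dst": "192.0.2.53/32", "dport": "53"}, "allow"),
]

def analyse(rules):
    tree = PolicyTree()
    for rule_id, rule, action in rules:
        tree.insert(rule_id, rule, action)
    return tree.findings

if __name__ == "__main__":
    print(analyse(RULES))
```

Because the walk only descends into branches whose field value can match the new rule, rules on a different protocol are never compared with each other, which is where the saving over pairwise traversal comes from.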

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a decision tree-based firewall policy conflict detection method.

Background

[0002] In the era of the knowledge economy and information resource sharing, the Internet is developing vigorously and reaching ever further into all aspects of social life. The attendant threats are inevitable, and the related technologies are getting better and better. Therefore, the maintenance of network security is particularly important, and setting up a firewall is an effective measure for maintaining computer network security.

[0003] The firewall is an integral part of the network system. Through clear security policies, it controls the unsafe data packets trying to pass between the internal secure network and the outside world. It can selectively block bad information and set access rights to external sites. When there is access, the system automatically audits access rights, identify ba...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26
Inventor: 张涛马媛媛时坚李伟李星邵志鹏陈亚东
Owner: STATE GRID CORP OF CHINA