Improvement method of firewall adaptive capability based on rule lifecycle detection
A life cycle and firewall technology, applied in digital transmission systems, data exchange networks, electrical components, etc., can solve problems such as single trigger conditions for firewalls, reduced firewall filtering efficiency, and inability to dynamically delete new rules, etc., to solve the problem of increasing the number of invalid matches , improve filtration efficiency, improve the effect of safety
Inactive Publication Date: 2020-12-08
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF8 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0009] The purpose of the present invention is to solve the problem of reduced firewall filtering efficiency caused by the single trigger condition of firewall rules and the inability to dynamically delete new rules, so a method for improving the self-adaptive ability of firewalls based on rule life cycle detection is proposed
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0026] In order to better illustrate the purpose and advantages of the present invention, the implementation of the method of the present invention will be further described in detail below in conjunction with examples.
[0027] The specific process is:
[0028] Step 1: Generate new firewall rules according to firewall log information.
[0029] Step 1.1, first extract the data packet information matching the default rules from the firewall log, then classify the data packets according to the protocol type, source IP, source port, destination IP, and destination port attributes and count the proportion of various data packets in the total data packets ratio of numbers.
[0030] Step 1.2, generate a new rule with a relatively high proportion of data packet information, the rule attributes are as follows: the rule number is temporarily empty, and will be determined when adding the rule set; protocol type, source IP, source port, destination IP, destination port according to the ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to a firewall adaptive ability improvement method based on rule life cycle detection, and belongs to the technical field of computer and information sciences. The firewall adaptive ability improvement method comprises the steps of: firstly, carrying out extraction on data packet information in a firewall log, which is matched with a default rule for multiple times, generatingnew firewall rules according to the data packet information, carrying out merging on the newly generated rules, and adding the new rules which meet conditions into a rule set; then capturing data packets reaching a firewall, carrying out intrusion behavior detection on legal data packets, if an intrusion behavior exists, generating alarm information, generating new rules according to the information, and adding the new rules into the rule set; and finally, regularly carrying out life cycle detection on the new rules, and timely deleting rules of which life cycles are ended. According to the invention, in a case of not affecting a firewall policy, two methods of log analysis and intrusion detection are respectively adopted to generate the firewall rules, and a rule cycle detection mechanism is added, so that a problem of bloated rule set caused by excessive new rules is solved, average matching times of the data packets are reduced, filtering efficiency of the firewall is improved, andthe adaptive ability of the firewall is effectively implemented.
Description
technical field [0001] The invention relates to a method for improving the self-adaptive ability of a firewall based on rule life cycle detection, and belongs to the technical field of computer and information science. Background technique [0002] With the rapid development of network technology, it has brought convenience to our work and life, but various network security issues have also emerged. As an important tool to ensure network security, the performance of firewalls should also be continuously improved to adapt to current network conditions. So far, the trigger conditions for firewall rule generation are relatively single; at the same time, the existing firewall technology only considers the generation of firewall rules, but with more and more new rules, the number of invalid matches is also increasing, which eventually leads to a decrease in firewall filtering efficiency . Therefore, the present invention will provide a firewall self-adaptive capability improvem...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/0631H04L63/02H04L63/0263H04L63/1416H04L63/1425H04L63/1458
Inventor 罗森林王子文潘丽敏朱帅张笈
Owner BEIJING INSTITUTE OF TECHNOLOGYGY