A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search

doi:10.13190/jbupt.200605.111.lil

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2006, Vol. 29 ›› Issue (5): 111-114.doi: 10.13190/jbupt.200605.111.lil

• Reports • Previous Articles Next Articles

A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search

LI Lin, LU Xian-liang

Department of Computer Science, university of electronic science and technology, Chengdu 610054, China

Received:2005-10-08 Revised:1900-01-01 Online:2006-10-30 Published:2006-10-30
Contact: LI Lin

Abstract

Abstract:

Adding a new firewall rule often conflicts with the existed ones, which leads to security vulnerabilities. In order to avoid such vulnerabilities, firewall administrators have to determine an appropriate position in the firewall rule set to be inserted, and identify all the rules conflicting with the new rule in advance. The time complexity of the current conflicts detection algorithm for firewall rule set is O(dN), which makes its performance very poor. A new algorithm for detecting firewall rule set conflicts based on tuple space search is presented not only to find all the rules conflicting with the new rule, but also reduce the time complexity as O(logN+N/w). So it can efficiently help administrators determine an appropriate insertion position of the new rule to avoid vulnerabilities.

Key words: rule conflicts, tuple space search, security holes

CLC Number:

TP393.08

LI Lin, LU Xian-liang. A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(5): 111-114.

[1]	PENG Yu-he, CHEN Xiang, CHEN Shuang-wu, YANG Jian. Cross-Domain Abnormal Traffic Detection Based on Transfer Learning [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(2): 33-39.
[2]	ZHANG Jun-song, ZHANG Qi-kun, GAN Yong, MENG Ying-hui. A New Authentication Protocol for Wireless Medical Sensor Network [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2018, 41(4): 104-109.
[3]	WU Bin, LIN Xing, LI Wei-dong, LU Tian-liang, ZHANG Dong-mei. Smartphone Malware Detection Model Based on Artificial Immune System in Cloud Computing [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(4): 34-38.
[4]	WANG Xiu-juan, SUN Bo, LIAO Yan-wen, XIANG Cong-bin. Computer Network Vulnerability Assessment Based on Bayesian Attribute Network [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(4): 110-116.
[5]	XIE Li-xia, WANG Ya-chao. New Method of Network Security Situation Awareness [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(5): 31-35.
[6]	LI Jing-hua, MU De-jun, YANG Ming-kun, HU Wei. Design on Android Malware Behavior Analysis System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 104-107.
[7]	XIE Li-xia, BO Fu-kuan, DENG Qiang. Multi-Domain Role Trust Access Control Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(3): 83-88.
[8]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[9]	LU Tian-liang, ZHENG Kang-feng, LIU Ying-qing, HU Ying, WU Bin. Virus Detection Model Based on Dynamic Clonal Selection Algorithm [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(3): 39-43.
[10]	ZHANG Zhao, TANG Wen, WEN Qiao-yan. A Length Semantic Constraints Based Approach for Mining Packet Formats of Unknown Protocols [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(6): 55-59.
[11]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[12]	. Research of Automatically Generating Signatures for Botnets [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2011, 34(4): 109-112.
[13]	Hong-Yu YANG Dai QiKui. A Novel Approach for Network SelfProtection Mechanism [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2011, 34(3): 122-126.
[14]	YU Wang-ke; MA Wen-ping; YAN Ya-jun; YANG Yuan-yuan. Constructing Secure Routing Protocol Using Trust Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 48-51.
[15]	ZHU Hong-liang;LI Rui;CHENG Ming-zhi;XIN Yang;YANG Yi-xian;HU Zheng-ming. A Multi-Track Separating Method Using Bubble Principle [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(1): 74-79.

A Detection Algorithm for Rule Set Conflicts Based on Tuple Space Search

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments