检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]山东女子学院,山东济南250300 [2]大众报业集团,山东济南250014
出 处:《计算机应用与软件》2015年第8期292-295,共4页Computer Applications and Software
基 金:国家自然科学基金项目(61073178)
摘 要:当防火墙的规则集规模增加的时候,防火墙的复杂性被认为是增加的。实证研究表明,随着规则集的增大,防火墙配置错误的数量在急剧增加,而防火墙的性能会降低。当设计一个安全敏感的网络时,为了减少防火墙规则集的规模,关键是仔细构建网络拓扑及其路由结构,它有助于降低安全漏洞的机会,避免性能瓶颈。针对如何在网络的拓扑设计和构建路由表操作期间的最小化最大多防火墙规则集,提出一个启发式的解决方案。运用仿真对算法的实效性进行证明。仿真试验结果显示,该算法相比于别类算法降低了多防火墙规则集的规模。The complexity of firewall is known to increase along with the increase of its rule set size. Empirical studies show that as the rule set growing larger,the number of configuration errors on a firewall increases sharply,while the performance of the firewall degrades.When designing a security-sensitive network,it is critical to construct the network topology and its routing structure carefully in order to reduce the size of firewall rule sets,which helps lower the chance of security loopholes and prevent performance bottleneck. This paper presents a heuristic solution for the problem of how the maximum multi-firewall rule set can be minimised during the topology design of network and during the operation of routing tables' construction. By simulations we prove the effectiveness of the algorithm. Simulation testing results show that the proposed algorithm reduces the size of multi-firewall rule set comparing with other algorithms.
分 类 号:TP391.9[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145