Offline-Data-Driven Firewall Performance Optimization Method

Journal: 《计算机工程与设计》 (Computer Engineering and Design)

Abstract

To reduce the average number of rule matches and the processing time of a firewall, and to improve the accuracy of rule matching, an offline-data-driven firewall performance optimization method is proposed. The matching frequency of each rule over a period of time is counted from network logs, and the matching order of the rules in the rule set is adjusted dynamically. Each rule is treated as a class, and a decision tree rule classifier is built offline using the given network log information as the training data set. The classifier predicts the rule for each packet arriving in real time: if the prediction succeeds, the action of the matched rule class is executed; otherwise, the packet is matched against the reordered rule list. By updating the training data set at regular intervals, new classifiers are generated dynamically and the rule sequence numbers are adjusted. Simulation results show that, compared with other firewalls, the method greatly improves rule matching efficiency: the total number of rule matches and the total processing time are clearly reduced, and firewall performance improves significantly.
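The frequency-based reordering step described in the abstract, as an added example that is not code from the paper: it counts rule hits in a log, moves frequently hit rules forward, and compares the total number of rule comparisons before and after. The rule list, the log and all function names are constructed for illustration; the overlap guard (a rule is only moved past a rule it overlaps when both have the same action, so first-match verdicts are unchanged) is an assumption added here that the abstract does not state, and the decision tree classifier is not included.

```python
from collections import Counter

# Constructed first-match rule list: (name, protocol, dst_port, action); None = wildcard.
RULES = [
    ("r1", "tcp", 22, "deny"),
    ("r2", "tcp", 80, "allow"),
    ("r3", "udp", 53, "allow"),
    ("r4", "tcp", 443, "allow"),
    ("r5", "tcp", None, "deny"),      # overlaps every tcp rule above
    ("default", None, None, "deny"),  # catch-all
]
# Constructed log of (protocol, dst_port) packets seen in the sampling period.
LOG = [("tcp", 443)] * 6 + [("udp", 53)] * 3 + [("tcp", 80)] + [("tcp", 8080)] * 2

def matches(rule, pkt):
    return rule[1] in (None, pkt[0]) and rule[2] in (None, pkt[1])

def overlaps(a, b):
    # Two rules overlap if some packet can match both.
    return (None in (a[1], b[1]) or a[1] == b[1]) and \
           (None in (a[2], b[2]) or a[2] == b[2])

def first_match(rules, pkt):
    # Returns (rule name, action, number of rules compared).
    for i, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule[0], rule[3], i
    raise ValueError("rule list has no catch-all rule")

def reorder_by_frequency(rules, log):
    # Count which rule each logged packet hit, then bubble hotter rules forward.
    hits = Counter(first_match(rules, p)[0] for p in log)
    out = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(len(out) - 1):
            a, b = out[i], out[i + 1]
            # Swapping is verdict-preserving if no packet hits both,
            # or if both rules take the same action.
            safe = not overlaps(a, b) or a[3] == b[3]
            if safe and hits[b[0]] > hits[a[0]]:
                out[i], out[i + 1] = b, a
                changed = True
    return out

def total_comparisons(rules, packets):
    return sum(first_match(rules, p)[2] for p in packets)
```

On the constructed log, `total_comparisons` drops from 45 to 23 after reordering, while `r2` stays ahead of `r5` because the two overlap with different actions.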
