A new approach to designing firewall based on multidimensional matrix

摘要

Firewalls are crucial elements to enhance network security by examining the field value of every packet andrndecide whether to accept or discard the packet according to the firewall policy. However, the design ofrnfirewall policies, especially for enterprise networks, is complex and error-prone. This paper aims to proposernan effective firewall design method to ensure the consistency, compactness and completeness of firewallrnrules. Specifically, we develop a new designing model, namely firewall design matrix, and the correspondingrnconstruction algorithm for mapping firewall rules to firewall design matrix. A firewall generation algorithm isrnproposed to generate the target firewall rules that are equivalent to the original ones while maintaining therncompleteness. Theoretical proof and extensive experiments on both real-world and synthetic firewalls arernconducted to evaluate the performance of the proposed method. The results demonstrate that it can achieverna high compression ratio efficiently while maintaining the firewall rules conflict-free.