MEASURING THE EFFECTIVENESS AND EFFICIENCY OF RULE REORDERING ALGORITHM FOR POLICY CONFLICT

摘要

Network security has acquired appreciable attention among business communities. Firewall act as a frontier defense and plays a significant role for establishing secure communication in networks against unauthorized traffic occurred in network. Firewall policies deployed in firewall, directs the firewalls to handle network traffic for particular IP addresses and protocols. Although deployment of firewall technology improves security in our network, managing firewall policies is a challengeable process due to the composite character of rules in firewall policy, on the other hand policy rules created by the system administrators face difficulty in resolving policy conflicts. To address all the aforementioned issues, we need effective firewall conflict management framework. In this effort, we propose efficacious framework to treat the policy conflict in firewalls based on risk assessment of conflicts. We identify the risk level of the policy conflict on the basis of vulnerability assessment in the secured network. Our major contribution in this paper involves the utilization of novel technique called Dynamic Rule Reordering that effectively optimizes the filtering policies in firewall. The proposed Rule reordering algorithm dynamically optimizes the conflicted rule reordering and leads to the accomplishment of most ideal solution for conflict resolution. We perform extensive evaluation and experiments to show the efficiency of our proposed rule reordering, which reorder the conflicted rules.