Description: |
Firewall rules are frequently overlapping and duplicated. These problems are usually resolved by merging rules; however, a merged rule set sometimes loses the semantics of the original one. This paper proposes a tracker system, named SELTracker, that analyzes firewall rules while they are being merged and raises an alert when semantics are lost. The SELTracker data structure is built from the Path Selection Tree (PST). The PST not only keeps all anomalous rules but also maintains the normal rules. While firewall rules are being merged, SELTracker analyzes the rules to be merged against the PST. Based on the test results, the proposed system effectively detects semantics loss; moreover, SELTracker can also detect all other rule anomalies.
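To make the failure mode concrete, the following added example (constructed for this description; it is not code from the paper and does not implement the PST) merges two sibling allow rules in a first-match rule set and then exhaustively compares the decisions of the original and merged sets. The rule sets, the naive merge strategy and the packet space are all assumptions made for the illustration.

```python
from ipaddress import ip_network

# Constructed rule sets (hypothetical): first match wins, default deny.
# Each rule is (action, source network, destination port).
RULES = [
    ("allow", ip_network("10.0.0.0/25"),   22),
    ("deny",  ip_network("10.0.0.128/26"), 22),   # sits between the two allows
    ("allow", ip_network("10.0.0.128/25"), 22),
]
SAFE_RULES = [RULES[0], RULES[2]]   # same allows, no deny in between

def decide(rules, src, port):
    """First-match evaluation of a packet (source address, destination port)."""
    for action, net, p in rules:
        if p == port and src in net:
            return action
    return "deny"

def merge_sibling_allows(rules):
    """Naive merge: two allow rules on the same port whose networks are the
    two halves of one supernet collapse into that supernet at the position
    of the earlier rule.  Rules between them are ignored, which is exactly
    how the merge can lose semantics."""
    rules = list(rules)
    i = 0
    while i < len(rules):
        a_i, n_i, p_i = rules[i]
        for j in range(i + 1, len(rules)):
            a_j, n_j, p_j = rules[j]
            if (a_i == a_j == "allow" and p_i == p_j
                    and n_i.prefixlen == n_j.prefixlen
                    and n_i.supernet() == n_j.supernet()):
                rules[i] = (a_i, n_i.supernet(), p_i)
                del rules[j]
                break            # re-examine the merged rule at index i
        else:
            i += 1
    return rules

def semantics_lost(original, merged):
    """Compare decisions for every address in the rules' address space and
    every port mentioned; return the (address, port) pairs that now differ."""
    addrs, ports = set(), set()
    for _, net, port in original + merged:
        addrs.update(net)        # small networks only; exhaustive on purpose
        ports.add(port)
    diff = [(a, p) for a in addrs for p in ports
            if decide(original, a, p) != decide(merged, a, p)]
    return [(str(a), p) for a, p in sorted(diff)]
```

Running `semantics_lost(RULES, merge_sibling_allows(RULES))` reports the 64 sources in 10.0.0.128/26 that the merged set now allows on port 22, while the same merge on `SAFE_RULES` reports nothing.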