CAJ | 학술논문

当防火墙的规则集规模增加的时候，防火墙的复杂性被认为是增加的。实证研究表明，随着规则集的增大，防火墙配置错误的数量在急剧增加，而防火墙的性能会降低。当设计一个安全敏感的网络时，为了减少防火墙规则集的规模，关键是仔细构建网络拓扑及其路由结构，它有助于降低安全漏洞的机会，避免性能瓶颈。针对如何在网络的拓扑设计和构建路由表操作期间的最小化最大多防火墙规则集，提出一个启发式的解决方案。运用仿真对算法的实效性进行证明。仿真试验结果显示，该算法相比于别类算法降低了多防火墙规则集的规模。
당방화장적규칙집규모증가적시후，방화장적복잡성피인위시증가적。실증연구표명，수착규칙집적증대，방화장배치착오적수량재급극증가，이방화장적성능회강저。당설계일개안전민감적망락시，위료감소방화장규칙집적규모，관건시자세구건망락탁복급기로유결구，타유조우강저안전루동적궤회，피면성능병경。침대여하재망락적탁복설계화구건로유표조작기간적최소화최대다방화장규칙집，제출일개계발식적해결방안。운용방진대산법적실효성진행증명。방진시험결과현시，해산법상비우별류산법강저료다방화장규칙집적규모。
The complexity of firewall is known to increase along with the increase of its rule set size.Empirical studies show that as the rule set growing larger, the number of configuration errors on a firewall increases sharply, while the performance of the firewall degrades. When designing a security-sensitive network, it is critical to construct the network topology and its routing structure carefully in order to re-duce the size of firewall rule sets, which helps lower the chance of security loopholes and prevent performance bottleneck.This paper presents a heuristic solution for the problem of how the maximum multi-firewall rule set can be minimised during the topology design of network and during the operation of routing tables'construction.By simulations we prove the effectiveness of the algorithm.Simulation testing results show that the proposed algorithm reduces the size of multi-firewall rule set comparing with other algorithms.