Journal of System Simulation
Abstract
To cope with the distributed and complex threat of network attacks, the need for coordinated defense between firewalls and IDS/IPS is becoming more and more urgent. Because the intrusion judgments made by an IDS/IPS are uncertain, the firewall and the IDS/IPS often take contradictory actions: the same packet matches rules of both the firewall and the IDS/IPS and a conflict arises, which can lead to illegal access or to denial of legal access. The policy conflict detection algorithm for coordinated defense of firewalls and IDS/IPS was researched. Semantic models of firewall policy and IDS/IPS policy were proposed, a classification of the policy conflicts was proposed, and a policy conflict detection algorithm was proposed using OBDD (ordered binary decision diagram). The experiment demonstrates the correctness and scalability of the algorithm, and the proportion of conflicts in a real network scenario.
Recommended Citation
Song, Qiu; Jian, Jiao; and Zhang, Dongyang (2020) "Policies Conflict Detection Algorithm Coordinated Defense-oriented of Firewall and IDS/IPS," Journal of System Simulation: Vol. 27: Iss. 11, Article 21.
Available at: https://dc-china-simulation.researchcommons.org/journal/vol27/iss11/21
First Page
2770
Revised Date
2014-07-27
DOI Link
https://doi.org/
Last Page
2777
CLC
TP301
Recommended Citation
Qiu Song, Jiao Jian, Zhang Dongyang. Policies Conflict Detection Algorithm Coordinated Defense-oriented of Firewall and IDS/IPS[J]. Journal of System Simulation, 2015, 27(11): 2770-2777.
Included in
Artificial Intelligence and Robotics Commons, Computer Engineering Commons, Numerical Analysis and Scientific Computing Commons, Operations Research, Systems Engineering and Industrial Engineering Commons, Systems Science Commons