A Feasible Anomaly Diagnosis Mechanism for Stateful Firewall Rules

Abstract

Configuring firewalls is no easy task because typically there are hundreds of thousands of filtering rules (i.e., rules in the Access Control List file; or ACL for short) which could be set up in firewalls, and these rules can affect mutually. Based on the success of our previous work on anomaly diagnosis in firewall rules, this paper describes our newly developed diagnosis mechanisms which can speedily discover anomalies of stateful rules within/among firewalls with an innovative data structure - Enhanced Adaptive Rule Anomaly Relationship (or Enhanced-ARAR) tree. With the assistance of the data structure and associated algorithms, our developed system prototype shows its feasibility and efficiency in anomaly diagnosis for stateful Internet firewalls.