WEKO3
アイテム
Detection of Conflicts Caused by a Combination of Filters Based on Spatial Relationships
https://ipsj.ixsq.nii.ac.jp/records/9445
https://ipsj.ixsq.nii.ac.jp/records/944508b1db65-b389-4d04-9bdc-b61692534c1e
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL4909018.pdf (1.3 MB)
|
Copyright (c) 2008 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||
|---|---|---|---|---|---|---|---|---|
| 公開日 | 2008-09-15 | |||||||
| タイトル | ||||||||
| タイトル | Detection of Conflicts Caused by a Combination of Filters Based on Spatial Relationships | |||||||
| タイトル | ||||||||
| 言語 | en | |||||||
| タイトル | Detection of Conflicts Caused by a Combination of Filters Based on Spatial Relationships | |||||||
| 言語 | ||||||||
| 言語 | eng | |||||||
| キーワード | ||||||||
| 主題Scheme | Other | |||||||
| 主題 | 特集:安心・安全な社会基盤を実現するコンピュータセキュリティ技術 | |||||||
| 資源タイプ | ||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||
| 資源タイプ | journal article | |||||||
| その他タイトル | ||||||||
| その他のタイトル | 侵入検出・検知 | |||||||
| 著者所属 | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者所属 | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者所属 | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Nagoya Institute of Technology | ||||||||
| 著者名 |
Yi, Yin
× Yi, Yin
|
|||||||
| 著者名(英) |
Yi, Yin
× Yi, Yin
|
|||||||
| 論文抄録 | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Packet filtering in firewalls is one of the useful techniques for network security. This technique examines network packets and determines whether to accept or deny them based on an ordered set of filters. If conflicts exist in filters of a firewall for example one filter is never executed because of the prevention of a preceding filter the behavior of the firewall might be different from the administrator's intention. For this reason it is necessary to detect conflicts in a set of filters. Previous researches that focused on detecting conflicts in filters paid considerable attention to conflicts caused by one filter affecting another but they did not consider conflicts caused by a combination of multiple filters. We developed a method of detecting conflicts caused by a combination of filters affecting another individual filter based on their spatial relationships. We also developed two methods of finding all requisite filter combinations from a given combination of filters that intrinsically cause errors to another filter based on top-down and bottom-up algorithms. We implemented prototype systems to determine how effective the methods we developed were. The experimental results revealed that the detecting conflicts method and the method of finding all requisite filter combinations based on the bottom-up algorithm can be used for practical firewall policies. | |||||||
| 論文抄録(英) | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Packet filtering in firewalls is one of the useful techniques for network security. This technique examines network packets and determines whether to accept or deny them based on an ordered set of filters. If conflicts exist in filters of a firewall, for example, one filter is never executed because of the prevention of a preceding filter, the behavior of the firewall might be different from the administrator's intention. For this reason, it is necessary to detect conflicts in a set of filters. Previous researches that focused on detecting conflicts in filters paid considerable attention to conflicts caused by one filter affecting another, but they did not consider conflicts caused by a combination of multiple filters. We developed a method of detecting conflicts caused by a combination of filters affecting another individual filter based on their spatial relationships. We also developed two methods of finding all requisite filter combinations from a given combination of filters that intrinsically cause errors to another filter based on top-down and bottom-up algorithms. We implemented prototype systems to determine how effective the methods we developed were. The experimental results revealed that the detecting conflicts method and the method of finding all requisite filter combinations based on the bottom-up algorithm can be used for practical firewall policies. | |||||||
| 書誌レコードID | ||||||||
| 収録物識別子タイプ | NCID | |||||||
| 収録物識別子 | AN00116647 | |||||||
| 書誌情報 |
情報処理学会論文誌 巻 49, 号 9, p. 3121-3135, 発行日 2008-09-15 |
|||||||
| ISSN | ||||||||
| 収録物識別子タイプ | ISSN | |||||||
| 収録物識別子 | 1882-7764 | |||||||
