a firewall is the safety barrier between a computer network and the outside world. individuals, companies and large organizations alike rely on a firewall being 1(强健的,健康的) enough to 2 off(挡开,避开) 3 attempting to break into a computer system. however, managing the firewall rules that decide between online friend and 4 has proved to be complex, error-prone, expensive, and 5 for many large-networked organizations, according to a research team writing in the international journal of internet 6(互联网协议) technology. muhammad abedin of the university of texas at dallas and colleagues explain that just one error in the set of rules controlling a firewall can open up a critical vulnerability(弱点,易损性) in the system. such security problem can allow intruders to access data and programs to which they would otherwise be barred potentially leading to 7 of privacy, industrial 8(破坏,怠工) , fraud, and theft. the researchers have now developed a method for 9 the activity log files of 10 firewalls. their analysis can determine what rules the firewall is actually applying to incoming and outgoing network traffic and then compare these with the original rules to spot errors and 11(省略,疏忽) .
since the 12 of the internet, firewall technology has rapidly gone through several generations of innovation and research in a short period of time, and has delivered many powerful and cost-effective services. however, no firewall is perfect and there is always the possibility of human error or computer 13 that can inadvertently(非故意地,疏忽地) open routes allowing 14(恶毒的,恶意的) users to access off-limits systems or network 15.
previous researchers have developed analyses of firewall rule sets in an effort to discover potential security problems. however, these static approaches ignore the firewall log files which change constantly but can provide a rich source of data on network traffic. analysis, or traffic mining, of log files could potentially offer a much more rigorous way to assess the protection a firewall is providing.
"by comparing the extracted rules with the original rules, we can easily find if there is any anomaly(不规则,异常) in the original rules, and if there is any defect in the 16(履行,实现) ," the researchers explain. "our experiments show that the effective firewall rules can be 17 to a high degree of accuracy from just a small amount of data."
the approach also has the advantage of detecting anomalies(异常现象,反常现象) that lead to omissions in the logs themselves, as such "shadowed" entries are revealed as gaps when the extracted rules are compared to the original rules.
"analysis of firewall policy rules using traffic mining techniques" in international journal of internet protocol technology, 2010, 5, 3-22