|
|
计算机应用研究 2009
Test packet-choosing algorithm for rules updating
|
Abstract:
The deployment errors in firewall rule sets mainly come from rules updating. And hence test algorithms should be employed to verify the correctness of updating when rules are added or deleted. Current test algorithms only choose test packets from apexes of added or deleted rules, which cannot detect deployment errors caused by rule conflicts. This paper proposed a test packet-choosing algorithm for rules updating, which was named packet choosing rule updating (PCRU).PCRU chose test packets from the apexes of rules and from conflicting areas. The results of simulations show that PCRU can detect the deployment errors caused by rule conflicts when rule updating at the cost of a small number of test packets.
