| Title | Usage of iterated local search to improve firewall evolvability |
| Author | |
| Abstract | The Transmission Control Protocol/Internet Protocol (TCP/IP) based firewall is a notorious non-evolvable system. Changes to the firewall often result in unforeseen side effects, resulting in the unavailability of network resources. The root cause of these issues lies in the order sensitivity of the rule base and hidden relationships between rules. It is not only essential to define the correct rule. The rule must be placed at the right location in the rule base. As the rule base becomes more extensive, the problem increases. According to Normalized Systems, this is a Combinatorial Effect. In previous research, an artifact has been proposed to build a rule base from scratch in such a way that the rules will be disjoint from each other. Having disjoint rules is the necessary condition to eliminate the order sensitivity and thus the evolvability issues. In this paper, an algorithm, based on the Iterated Local Search metaheuristic, will be presented that will disentangle the service component in an existing rule base into disjoint service definitions. Such disentanglement is a necessary condition to transform a non-disjoint rule base into a disjoint rule base. |
| Language | English |
| Source (book) | EMPAT-2021 |
| Publication | IARIA, 2021 |
| ISBN | 978-1-61208-850-1 |
| Volume/pages | (2021), 10 p. |
| Full text (open access) | |