CN101834843A - Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules - Google Patents
Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules Download PDFInfo
- Publication number
- CN101834843A CN101834843A CN 201010126786 CN201010126786A CN101834843A CN 101834843 A CN101834843 A CN 101834843A CN 201010126786 CN201010126786 CN 201010126786 CN 201010126786 A CN201010126786 A CN 201010126786A CN 101834843 A CN101834843 A CN 101834843A
- Authority
- CN
- China
- Prior art keywords
- filtering rule
- throughput rate
- fire bulkhead
- order
- bar number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for establishing relation between fire bulkhead throughout rate and number and sort order of filter rules, and aims to improve the fire bulkhead property in a network. The method comprises the following steps: measuring to obtain the fire bulkhead throughout rate corresponding to the average search depth of different filter rules; establishing a relation model of the fire bulkhead throughout rate and the average search depth of the filter rules; obtaining characterization of a relation T=f(r') by carrying out data fitting on the measured data, wherein T is the fire bulkhead throughout rate, and r' is the average search depth of the filter rules; figuring out the ratio theta of the average search depth of different filter rules to the number of the filter rules; establishing a relation model of the fire bulkhead throughout rate and the number of the filter rules or/and the sort order of the filter rules; establishing a relation model of the fire bulkhead throughout rate and the number of the filter rules when the sort order of the filter rules is fixed; establishing a relation model of the fire bulkhead throughout rate and the sort order of the filter rules when the number of the filter rules is fixed; and establishing a relation model of the fire bulkhead throughout rate and the number and sort order of the filter rules.
Description
Technical field
The present invention relates to a kind of method that solves internet device to the rate of information throughput, more particularly, the present invention relates to set up in the Internet method of fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation of putting in order.
Background technology
Along with the fast development of the Internet, the main frame on the Internet is on the increase, and it is most important that network security more and more seems.Fire compartment wall is " gate " together that is arranged between Intranet and the outer net as one of guarantee means of network security, is the only gateway of information between secure network and the insecure network.By safety control strategy (allow, refuse, monitor) is set on fire compartment wall, information to the turnover network scans, filters, uncertain to prevent, potential destructive intrusion is arranged, facts have proved that fire compartment wall is one of safety devices of minority success.
Packet filtering system be fire compartment wall the most basic, most important, also be most crucial part.The general strategy that mates in proper order from article one rule beginning of rule set that adopts of common firewall filtering process if the match is successful for certain bar rule, is then carried out this rule corresponding action, mates next packet then.The filtering rule set of a fire compartment wall may comprise tens or more rules more, but owing to there is certain incidence relation between the rule, rule must be arranged in proper order according to certain, the reason that fire compartment wall employing that Here it is is mated in proper order.
In security strategy, the main task of Packet Filtering is based on the filtering policy that one group of rule describes and comes packet is classified.The information that the filtering data bag uses usually is included in the data packet head, just host-host protocol, source I P, source port, destination IP and destination interface.Each filtering rule is exactly an array value of data packet head.If corresponding some rules are mated in the packet header of a packet, so, we just say this data packet matched this rule.In fire compartment wall, if a data packet matched rule, this rule will be carried out a relevant action, and this action will indicate whether refusal or accept packet to a special interface.If packet not and any rule match success in the rule base, will not abandon this bag according to default policy so, general default rule (last rule) is to refuse.In firewall policy, filtering rule might be correlated with, and therefore a packet can mate one or more rule.
In recent years, along with the development of technology, it is more and more faster that link-speeds becomes.When packet is filtered, a conspicuous requirement is all arranged usually, the packet loss of promptly trying not.In fact when carrying out Packet Filtering, also implied an even more important requirement, promptly can not the buffer memory bag.Under such background, people have higher requirement to the Packet Filtering speed of fire compartment wall.
Along with increasing of firewall rule number, and the raising of rule set dimension, rule match has become the performance bottleneck of the many network equipments that comprise fire compartment wall, router.
Generally speaking, data flow on the network continues for some time always, therefore, if can be by the order of firewall filtering rule is dynamically adjusted, make the pairing filtering rule of data flow of flow maximum in the current network be positioned at the front end of list of rules, carry out the required time of rule match with regard to reducing follow-up homogeneous data bag, thereby improve fire wall performance.The Mathematical Modeling of relation can provide the foundation of theory and technology method for this method between reflection fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order, but did not also have a kind of method of setting up fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation of putting in order at present.
Summary of the invention
The invention solves does not also have a kind of problem of setting up the method for fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation of putting in order at present, and a kind of method of setting up fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation of putting in order is provided.
For solving the problems of the technologies described above, the present invention adopts following technical scheme to realize: the described method of setting up fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order comprises the steps:
1. record the fire bulkhead throughput rate of different filtering rule average search degree of depth correspondences.
2. set up the relational model of the fire bulkhead throughput rate and the filtering rule average search degree of depth;
Described fire bulkhead throughput rate and filtering rule average search depth relationship model obtain following relational expression by the data that record by data fitting and characterize:
T=f(r′)
In the formula: the throughput of T-fire compartment wall, the r '-filtering rule average search degree of depth.
3. obtain the ratio θ of the filtering rule average search degree of depth and filtering rule bar number;
When finding the solution the ratio θ of the filtering rule average search degree of depth and filtering rule bar number, can try to achieve by one of following two kinds of methods:
1) utilize following relational expression to find the solution:
In the formula: r-filtering rule bar number, the r '-filtering rule average search degree of depth;
2) provide empirical value by one of skill in the art.
4. set up fire bulkhead throughput rate and filtering rule bar number or/and the relational model that filtering rule puts in order;
1) sets up the filtering rule relational model of fire bulkhead throughput rate and filtering rule bar number regularly that puts in order.
2) set up the relational model that several timing fire bulkhead throughput rates of filtering rule bar and filtering rule put in order.
3) set up the relational model that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order.
Described in the technical scheme set up filtering rule put in order one regularly the relational model of fire bulkhead throughput rate and filtering rule bar number be meant:
With formula
Put in order with the reflection filtering rule and to obtain following relational expression sign among the θ value substitution formula T=f (r ') of situation:
T=g(r)=f(θ·r)
In the formula: r is a variable, and θ is by formula
The definite value that calculates or provide.
Described set up filtering rule bar several regularly the relational model that puts in order of fire bulkhead throughput rates and filtering rule be meant:
R value and formula with filtering rule bar number
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=h(θ)=f(r·θ)
In the formula: r is a definite value, and θ is a variable.
Describedly set up the relational model that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order and be meant:
With formula
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=p(r,θ)=f(θ·r)
In the formula: r and θ are variable.
Compared with prior art the invention has the beneficial effects as follows:
1. the method for setting up fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order of the present invention is easily understood, and is easy to operate.Formula (1) is the basis of modeling of the present invention, and this formula is to be that basic method by numerical fitting obtains with the statistics, and NUMERICAL MATCH METHOD FOR is simple, and the model of foundation tallies with the actual situation, and is fit to very much engineering and uses.Formula (3), formula (4) and formula (5) obtain deriving in formula (2) and corresponding r value or the θ value substitution formula (1) respectively, and derivation is simple, is convenient to operation.
2. utilize and of the present inventionly set up fire bulkhead throughput rate and filtering rule bar number and fire bulkhead throughput rate that the method for the relation of putting in order is set up and filtering rule bar number and the filtering rule relational model that puts in order can disclose fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation between putting in order, and can be for putting in order and improve the foundation that fire wall performance provide theory and technical method by adjusting filtering rule.
3. of the present invention set up fire bulkhead throughput rate and filtering rule bar number and the method for the relation of putting in order with the ratio θ of the filtering rule average search degree of depth and filtering rule bar number as representing the put in order parameter of situation of filtering rule, this method has avoided using putting in order (with the position of a filtering rule of a parametric representation of too much parametric representation filtering rule, represent putting in order of filtering rule with the set of all these parameters), reduce complexity, had stronger practicality.
Description of drawings
The present invention is further illustrated below in conjunction with accompanying drawing:
Fig. 1 is a FB(flow block) of setting up the method for fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order of the present invention.
Embodiment
Below in conjunction with accompanying drawing the present invention is explained in detail:
Consult Fig. 1, the method for setting up fire bulkhead throughput rate and filtering rule bar number and the filtering rule relation of putting in order comprises the steps:
1. record the fire bulkhead throughput rate of different filtering rule average search degree of depth correspondences
The described filtering rule average search degree of depth be meant packet with the firewall rule storehouse in rule when mating, the average bar number of fire compartment wall search filtering rule.When the fire bulkhead throughput rate of the different filtering rule average search degree of depth correspondences of test, the increase and decrease of the filtering rule average search degree of depth is more flexible, can increase the filtering rule average search degree of depth gradually with identical or different step-length, also can reduce the filtering rule average search degree of depth gradually with identical or different step-length.The workload that concrete step-length can be born by test request and tester or testing equipment is decided, and in general, step-length is more little, and the data that record are accurate more, and the model of Jian Liing is also accurate more thus.
When the method for utilizing data fitting is set up fire bulkhead throughput rate and filtering rule average search depth relationship model, generally select for use multinomial to carry out match, and in order to prevent imperial lattice phenomenon, polynomial number of times generally is no more than three times.
2. set up the relational model of the fire bulkhead throughput rate and the filtering rule average search degree of depth
Described fire bulkhead throughput rate and filtering rule average search depth relationship model obtain following relational expression by the data that record by data fitting and characterize:
T=f(r′)????????????????????????????????(1)
In the formula: the throughput of T-fire compartment wall, the r '-filtering rule average search degree of depth.
3. obtain the ratio θ of the filtering rule average search degree of depth and filtering rule bar number
The put in order difference of filtering rule in rule base, the filtering rule average search degree of depth are just different, and the θ value is also different, so the θ value can reflect putting in order of filtering rule to a certain extent; Filtering rule puts in order to the influence of fire bulkhead throughput rate, come down to of the influence of the filtering rule average search degree of depth to fire bulkhead throughput rate, though therefore the θ value can not reflect every position that filtering rule is concrete fully, but put in order concerning the angle of fire bulkhead throughput rate influence from filtering rule, can be with the θ value as the parameter of representing that filtering rule puts in order.
When finding the solution the ratio θ of the filtering rule average search degree of depth and filtering rule bar number, count r and filtering rule average search degree of depth r ' if can record the filtering rule bar, can utilize relational expression:
Find the solution;
In the formula: r-filtering rule bar number, the r '-filtering rule average search degree of depth.
Count r and filtering rule average search degree of depth r ' if can't record the filtering rule bar, can allow one of skill in the art that an empirical value is provided.
4. set up fire bulkhead throughput rate and filtering rule bar number or/and the relational model that filtering rule puts in order
1) sets up the filtering rule relational model of fire bulkhead throughput rate and filtering rule bar number regularly that puts in order
It necessarily is that θ value one timing fire bulkhead throughput rate and filtering rule bar number relation can be passed through formula that described filtering rule puts in order
Put in order with the reflection filtering rule and to obtain following relational expression sign among the θ value substitution formula T=f (r ') of situation:
T=g(r)=f(θ·r)????????????????????????????(3)
In the formula: r is a variable, and θ is by formula
The definite value that calculates or provided by one of skill in the art, it has reflected the situation that puts in order of filtering rule.
2) set up the relational model that several timing fire bulkhead throughput rates of filtering rule bar and filtering rule put in order
Several timing fire bulkhead throughput rates of described filtering rule bar and the filtering rule relation of putting in order can be by representing the r value and the formula of filtering rule bar number
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=h(θ)=f(r·θ)???????????????????????????(4)
In the formula: r is a definite value, and θ is the put in order variable of situation of reflection filtering rule.
3) set up the relational model that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order
Described fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order can be passed through formula
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=p(r,θ)=f(θ·r)????????????????????????(5)
In the formula: r and θ are variable.
Formula (3) is the relational expression of filtering rule fire bulkhead throughput rate and filtering rule bar number when putting in order necessarily (θ value certain), formula (4) is the relational expression that several timing fire bulkhead throughput rates of filtering rule bar and filtering rule put in order, formula (5) is the relational expression that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order, and these three relational expressions all are to derive to draw on the basis of formula (1).When practical application, if put in order (the θ value is known) of known filtering rule need find the solution the influence of filtering rule bar number to fire bulkhead throughput rate, can use formula (3) to find the solution; If the bar number of known filtering rule (the r value is known) need be found the solution filtering rule and be put in order to the influence of fire bulkhead throughput rate, can use formula (4) to find the solution; Find the solution filtering rule bar number and filtering rule if desired simultaneously and put in order, can use formula (5) to find the solution the influence of fire bulkhead throughput rate.
Below in conjunction with a specific embodiment method of setting up fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order that the present invention proposes is described further.
The purpose of embodiment is exactly to utilize the present invention that certain model fire compartment wall is set up its throughput and filtering rule bar number and the relation that puts in order.
1. the fire bulkhead throughput rate when testing the different filtering rule average search degree of depth
The fire bulkhead throughput rate of the different filtering rule average search degree of depth correspondences that record is as shown in table 1.
Table 1
| Filtering rule average search degree of depth r '/bar | ??130 | ??150 | ??170 | ??190 | ??210 | ??230 | ??250 | ??270 | ??290 | ??340 | ??390 | ??440 | ??490 |
| Fire bulkhead throughput rate/kpps | ??269 | ??265 | ??262 | ??260 | ??259 | ??256 | ??254 | ??253 | ??252 | ??249 | ??242 | ??236 | ??230 |
2. set up the relational model of the fire bulkhead throughput rate and the filtering rule average search degree of depth
Test data in the his-and-hers watches 1 is carried out data fitting, obtains the relational expression of the fire bulkhead throughput rate and the filtering rule average search degree of depth:
T=278.60-8.88×10
-2r′-1.75×10
-5r
′2????????????????(6)
Coefficient of determination R as model goodness of fit index
2=0.9875, show that 98.75% the information of having an appointment explained that by above-mentioned model the goodness of fit is fine; Simultaneously, the value of model conspicuousness and model parameter significance test is all less than 10
-6The magnitude level illustrates that model has the reliability on the statistical significance.Need to prove that the scope of application of formula (6) is r ' value between 130~490.
3. obtain the ratio θ of the filtering rule average search degree of depth and filtering rule bar number
Here the empirical value that adopts one of skill in the art to provide, θ=0.75.
4. the relational model of fire bulkhead throughput rate and filtering rule bar number when setting up filtering rule and putting in order necessarily (θ value certain)
The relational expression of fire bulkhead throughput rate and filtering rule bar number when θ=0.75 and formula (2) substitution formula (6) can be drawn filtering rule and put in order necessarily (θ=0.75):
T=278.60-6.66×10
-2r-1.31×10
-5r
2????????????????(7)
Is r value between 173~653 by formula (2), θ=0.75 and r ' scope in the scope of application that can draw formula (7) between 130~490.
5. set up the relational model that several timing fire bulkhead throughput rates of filtering rule bar and filtering rule put in order
With the r=230 bar is example, fire bulkhead throughput rate and the filtering rule relational model that puts in order when setting up filtering rule bar number and being 230.The relational expression that fire bulkhead throughput rate and filtering rule put in order when r=230 and formula (2) substitution formula (6) can be drawn filtering rule bar number certain (r=230):
T=278.60-20.42θ-4.02×10
-3θ
2???????????????????(8)
The scope of application of formula (8) is θ value between 0~1.
6. the relational model of setting up fire bulkhead throughput rate and filtering rule bar number and putting in order
Formula (2) substitution formula (6) can be drawn fire bulkhead throughput rate and filtering rule bar number and the relational expression that puts in order:
T=278.60-8.88×10
-2θ·r-1.75×10
-5θ
2·r
2???????(9)
The scope of application of formula (9) is r value and θ value between 0~1 between 173~653.
Should be noted that at last, above embodiment is the unrestricted technical scheme of the present invention in order to explanation only, although the present invention is had been described in detail with reference to the foregoing description, those of ordinary skill in the art is to be understood that, still can make amendment or replace on an equal basis, and not break away from the scope of technical solution of the present invention the present invention.
Claims (4)
1. a method of setting up fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order is characterized in that, the described method of setting up fire bulkhead throughput rate and filtering rule bar number and the relation of putting in order comprises the steps:
1) records the fire bulkhead throughput rate of different filtering rule average search degree of depth correspondences;
2) set up the relational model of the fire bulkhead throughput rate and the filtering rule average search degree of depth;
Described fire bulkhead throughput rate and filtering rule average search depth relationship model obtain following relational expression by the data that record by data fitting and characterize:
T=f(r′)????(1)
In the formula: the throughput of T-fire compartment wall, the r '-filtering rule average search degree of depth;
3) obtain the ratio θ of the filtering rule average search degree of depth and filtering rule bar number;
When finding the solution the ratio θ of the filtering rule average search degree of depth and filtering rule bar number, can try to achieve by one of following two kinds of methods:
(1) utilize following relational expression to find the solution:
In the formula: r-filtering rule bar number, the r '-filtering rule average search degree of depth;
(2) provide empirical value by one of skill in the art;
4) set up fire bulkhead throughput rate and filtering rule bar number or/and the relational model that filtering rule puts in order;
(1) set up the filtering rule relational model of fire bulkhead throughput rate and filtering rule bar number regularly that puts in order:
(2) set up the relational model that several timing fire bulkhead throughput rates of filtering rule bar and filtering rule put in order:
(3) set up the relational model that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order.
2. set up fire bulkhead throughput rate and filtering rule bar number and the method for the relation of putting in order according to claim 1 is described, it is characterized in that, described set up filtering rule put in order one regularly the relational model of fire bulkhead throughput rate and filtering rule bar number be meant:
With formula
Put in order with the reflection filtering rule and to obtain following relational expression sign among the θ value substitution formula T=f (r ') of situation:
T=g(r)=f(θ·r)????(3)
In the formula: r is a variable, and θ is by formula
The definite value that calculates or provide.
3. set up fire bulkhead throughput rate and filtering rule bar number and the method for the relation of putting in order according to claim 1 is described, it is characterized in that, described set up filtering rule bar several regularly the relational model that puts in order of fire bulkhead throughput rates and filtering rule be meant:
R value and formula with filtering rule bar number
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=h(θ)=f(r·θ)????(4)
In the formula: r is a definite value, and θ is a variable.
4. set up fire bulkhead throughput rate and filtering rule bar number and the method for the relation of putting in order according to claim 1 is described, it is characterized in that, describedly set up the relational model that fire bulkhead throughput rate and filtering rule bar number and filtering rule put in order and be meant:
With formula
Obtaining following relational expression among the substitution formula T=f (r ') characterizes:
T=p(r,θ)=f(θ·r)????(5)
In the formula: r and θ are variable.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010126786 CN101834843B (en) | 2010-03-18 | 2010-03-18 | Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010126786 CN101834843B (en) | 2010-03-18 | 2010-03-18 | Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101834843A true CN101834843A (en) | 2010-09-15 |
| CN101834843B CN101834843B (en) | 2012-12-05 |
Family
ID=42718774
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010126786 Expired - Fee Related CN101834843B (en) | 2010-03-18 | 2010-03-18 | Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101834843B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102868737A (en) * | 2012-08-30 | 2013-01-09 | 浪潮(北京)电子信息产业有限公司 | Safe scheduling method and system |
| CN104468161A (en) * | 2013-09-17 | 2015-03-25 | 中国移动通信集团设计院有限公司 | Configuration method and apparatus of firewall rule set, and firewall |
| CN108462717A (en) * | 2018-03-21 | 2018-08-28 | 北京理工大学 | The firewall rule sets under discrimination optimization method of rule-based match hit rate and distribution variance |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1357724A1 (en) * | 2002-04-23 | 2003-10-29 | Alcatel | Data filtering management device |
| CN101014048A (en) * | 2007-02-12 | 2007-08-08 | 杭州华为三康技术有限公司 | Distributed firewall system and method for realizing content diction of firewall |
| CN101060521A (en) * | 2006-04-18 | 2007-10-24 | 华为技术有限公司 | Information packet filtering method and network firewall |
| CN101582900A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Firewall security policy configuration method and management unit |
-
2010
- 2010-03-18 CN CN 201010126786 patent/CN101834843B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1357724A1 (en) * | 2002-04-23 | 2003-10-29 | Alcatel | Data filtering management device |
| CN101060521A (en) * | 2006-04-18 | 2007-10-24 | 华为技术有限公司 | Information packet filtering method and network firewall |
| CN101014048A (en) * | 2007-02-12 | 2007-08-08 | 杭州华为三康技术有限公司 | Distributed firewall system and method for realizing content diction of firewall |
| CN101582900A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Firewall security policy configuration method and management unit |
Non-Patent Citations (1)
| Title |
|---|
| 《吉林师范大学学报(自然科学版)》 20050228 田正军等 利用智能型防火墙实现网络安全 第54-56、61页 1-4 , 第1期 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102868737A (en) * | 2012-08-30 | 2013-01-09 | 浪潮(北京)电子信息产业有限公司 | Safe scheduling method and system |
| CN102868737B (en) * | 2012-08-30 | 2015-09-02 | 浪潮(北京)电子信息产业有限公司 | Security dispatching method and system |
| CN104468161A (en) * | 2013-09-17 | 2015-03-25 | 中国移动通信集团设计院有限公司 | Configuration method and apparatus of firewall rule set, and firewall |
| CN104468161B (en) * | 2013-09-17 | 2018-05-22 | 中国移动通信集团设计院有限公司 | A kind of collocation method of firewall rule sets under discrimination, device and fire wall |
| CN108462717A (en) * | 2018-03-21 | 2018-08-28 | 北京理工大学 | The firewall rule sets under discrimination optimization method of rule-based match hit rate and distribution variance |
| CN108462717B (en) * | 2018-03-21 | 2020-07-28 | 北京理工大学 | Firewall rule set optimization method based on rule matching hit rate and distribution variance |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101834843B (en) | 2012-12-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106304371A (en) | A kind of data transmission method, device, terminal, base station and system | |
| CN105763606B (en) | A kind of method and system of service chaining agent polymerization | |
| CN101834843B (en) | Method for establishing relation between fire bulkhead throughput rate and number and sort order of filer rules | |
| CN104394180B (en) | A kind of wireless terminal authentication method, wireless router and system | |
| CN104091122A (en) | Detection system of malicious data in mobile internet | |
| WO2016061957A1 (en) | Method and apparatus for evaluating service traffic in lte network | |
| CN103780317A (en) | Double-threshold collaborative frequency spectrum perception method based on trust degree | |
| CN104702623B (en) | IP blockage method and system | |
| CN104639316A (en) | Channel self-adaptive method of quantum key distribution system and QKD (quantum key distribution) system based on channel self-adaptive method | |
| CN109639535A (en) | A kind of routing relation detection method and device | |
| EP2890063A1 (en) | Method and apparatus for determining energy-efficient routing | |
| CN105959939A (en) | Authorized user safe transmission oriented power distribution method in cognitive wireless network | |
| Jiang et al. | Convergence and stability of a distributed CSMA algorithm for maximal network throughput | |
| CN106506557A (en) | A kind of Portscan Detection Method and device | |
| Mori et al. | Identifying heavy-hitter flows from sampled flow statistics | |
| Berman et al. | Positive matrices associated with synchronised communication networks | |
| Mao et al. | Capacity of large wireless networks with generally distributed nodes | |
| CN107196863A (en) | A kind of code rate adjustment method and electronic equipment | |
| EP3447668B1 (en) | Utilizing routing for secure transactions | |
| DE102007007345A1 (en) | Method and device for providing a wireless mesh network | |
| CN105704737A (en) | Cell capacity evaluation method and device | |
| CN106454934A (en) | False alarm signal detection method and base station | |
| CN103957128A (en) | Method and system for monitoring data flow direction in cloud computing environment | |
| Hu et al. | Performance analysis of a threshold-based dynamic TXOP scheme for intra-AC QoS in wireless LANs | |
| CN112367311B (en) | DDoS attack detection method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121205 Termination date: 20160318 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |