PATTERNS 2021, The Thirteenth International Conference on Pervasive Patterns and Applications
Usage of Iterated Local Search to Improve Firewall Evolvability
Authors:
Geert Haerens
Keywords: Firewall, Rule Base, Evolvability, Metaheuristics, Iterated Local Search.
Abstract:
The Transmission Control Protocol/Internet Protocol (TCP/IP) based firewall is a notoriously non-evolvable system. Changes to the firewall often have unforeseen side effects that make network resources unavailable. The root cause of these issues lies in the order sensitivity of the rule base and in hidden relationships between rules. Defining the correct rule is not enough: the rule must also be placed at the right location in the rule base. As the rule base grows, the problem gets worse. According to Normalized Systems, this is a Combinatorial Effect. In previous research, an artifact was proposed to build a rule base from scratch in such a way that the rules are disjoint from each other. Having disjoint rules is the necessary condition to eliminate the order sensitivity and thus the evolvability issues. This paper presents an algorithm, based on the Iterated Local Search metaheuristic, that disentangles the service component of an existing rule base into disjoint service definitions. Such disentanglement is a necessary condition to transform a non-disjoint rule base into a disjoint rule base.
Pages: 1 to 10
Copyright: Copyright (c) IARIA, 2021
Publication date: April 18, 2021
Published in: conference
ISSN: 2308-3557
ISBN: 978-1-61208-850-1
Location: Porto, Portugal
Dates: from April 18, 2021 to April 22, 2021
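The order sensitivity named in the abstract, and the effect of disjoint service definitions, shown as an added example that is not taken from the paper: it uses a plain boundary sweep over port ranges, not the paper's Iterated Local Search algorithm. The rule base, rule names and function names are constructed for illustration.

```python
from itertools import permutations

# Constructed sample rule base: (name, first_port, last_port, action).
# Evaluation is first-match, so "allow-ssh" is shadowed by "deny-low".
RULES = [
    ("allow-web", 80, 443, "allow"),
    ("deny-low", 1, 1023, "deny"),
    ("allow-ssh", 22, 22, "allow"),
]

def first_match(rules, port, default="deny"):
    """Return the action of the first rule whose port range contains port."""
    for _name, lo, hi, action in rules:
        if lo <= port <= hi:
            return action
    return default

def order_sensitive_ports(rules, ports):
    """Ports whose verdict changes under at least one reordering of rules."""
    sensitive = set()
    for port in ports:
        verdicts = {first_match(order, port) for order in permutations(rules)}
        if len(verdicts) > 1:
            sensitive.add(port)
    return sensitive

def disentangle(rules):
    """Split overlapping port ranges into disjoint segments.

    Every range boundary becomes a cut point, so each segment is either
    fully inside or fully outside every original rule. The segment keeps
    the verdict the original ordering gave it (assumption: the current
    order expresses the intended policy).
    """
    cuts = sorted({lo for _, lo, _, _ in rules} | {hi + 1 for _, _, hi, _ in rules})
    disjoint = []
    for lo, nxt in zip(cuts, cuts[1:]):
        hi = nxt - 1
        if any(l <= lo and hi <= h for _, l, h, _ in rules):
            disjoint.append((f"svc-{lo}-{hi}", lo, hi, first_match(rules, lo)))
    return disjoint

if __name__ == "__main__":
    ports = range(1, 1025)
    print(len(order_sensitive_ports(RULES, ports)), "order-sensitive ports before")
    print(disentangle(RULES))
    print(len(order_sensitive_ports(disentangle(RULES), ports)), "after")
```

The sweep preserves the verdicts of the existing order, so a shadowed rule such as `allow-ssh` stays ineffective and becomes visible as an explicit deny segment for port 22.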