.NET Project On Cross-Domain Privacy-Preserving Cooperative Firewall Optimization


Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard it based on its policy. Optimizing firewall policies is crucial for improving network performance. Prior work on firewall optimization focuses on either intra-firewall or inter-firewall optimization within one administrative domain, where the privacy of firewall policies is not a concern. This project explores inter-firewall optimization across administrative domains for the first time. The key technical challenge is that firewall policies cannot be shared across domains, because a firewall policy contains confidential information and even potential security holes that an attacker could exploit.

In this project, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without either party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet processing overhead, and the offline processing time is less than a few hundred seconds.
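The page does not spell out how the two firewalls compute "rules made redundant by the other side" without exchanging policies. The following is an added example, not code from the project, showing one way such a cooperative check can be built. Everything in it is an assumption made for illustration: a single 8-bit packet field instead of the real five-tuple, first-match rule semantics, an upstream firewall FW1 and a downstream FW2, range-to-prefix conversion with prefix families, and a hash-then-exponentiate commutative cipher modulo a Mersenne prime used as a toy private-set-intersection primitive. A rule of FW2 is removable when every packet that would reach it has already been discarded by FW1, so FW2 never sees such a packet. The sample policies RULES1 and RULES2 are constructed.

```python
import hashlib
import math
import secrets

# Assumptions for this example (not from the project): one W-bit field,
# and a prime modulus for the commutative cipher. 2**521 - 1 is prime
# (a Mersenne prime); a deployment would use a vetted large safe prime.
W = 8
P = 2**521 - 1

# Constructed sample policies: (low, high, action) over the W-bit field,
# evaluated first-match, last rule is a catch-all.
RULES1 = [(0, 63, "accept"), (64, 191, "discard"), (0, 255, "accept")]      # upstream
RULES2 = [(96, 127, "accept"), (64, 159, "discard"), (200, 255, "discard"),  # downstream
          (0, 255, "accept")]


def keygen() -> int:
    """Private exponent coprime to P-1, so x -> x^k mod P is a bijection on Z_P^*."""
    while True:
        k = secrets.randbelow(P - 2) + 2
        if math.gcd(k, P - 1) == 1:
            return k


def encode(prefix: str) -> int:
    """Map a prefix string into Z_P^* (range 1..P-1) before encryption."""
    digest = hashlib.sha256(prefix.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def enc(k: int, x: int) -> int:
    """Commutative cipher: enc(k1, enc(k2, x)) == enc(k2, enc(k1, x)) since (x^k1)^k2 = x^(k1*k2)."""
    return pow(x, k, P)


def subtract(seg, cut):
    """Interval difference seg \\ cut, as a list of 0, 1 or 2 intervals."""
    lo, hi = seg
    clo, chi = cut
    if chi < lo or clo > hi:
        return [seg]
    out = []
    if clo > lo:
        out.append((lo, clo - 1))
    if chi < hi:
        out.append((chi + 1, hi))
    return out


def residual(rules, idx):
    """Values matched by rules[idx] and by no earlier rule (first-match semantics)."""
    lo, hi, _ = rules[idx]
    segs = [(lo, hi)]
    for elo, ehi, _ in rules[:idx]:
        segs = [s for seg in segs for s in subtract(seg, (elo, ehi))]
    return segs


def range_to_prefixes(lo, hi):
    """Minimal set of binary prefixes (as bit strings) covering [lo, hi] in W bits."""
    out = []
    while lo <= hi:
        size = 1  # largest aligned power-of-two block starting at lo that fits
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi and size * 2 <= 2**W:
            size *= 2
        bits = W - size.bit_length() + 1
        out.append(format(lo >> (W - bits), f"0{bits}b") if bits else "")
        lo += size
    return out


def family(prefix):
    """Prefix family: the prefix and all of its ancestors, down to the whole space ''."""
    return [prefix[:i] for i in range(len(prefix) + 1)]


def fw1_discard_prefixes(rules1):
    """FW1's private input: prefixes of every value it discards."""
    prefixes = set()
    for i, (_, _, action) in enumerate(rules1):
        if action == "discard":
            for lo, hi in residual(rules1, i):
                prefixes.update(range_to_prefixes(lo, hi))
    return prefixes


def cooperative_redundancy(rules1, rules2):
    """Indices of FW2 rules that only ever see packets FW1 already discards.

    Neither side sends a plaintext prefix; matching is done on double-encrypted
    values. FW2 rule j is removable iff each residual prefix p of rule j has some
    family member equal to an FW1 discard prefix, i.e. p lies inside a discarded block.
    """
    k1, k2 = keygen(), keygen()
    # Message 1, FW1 -> FW2: single-encrypted discard prefixes, order shuffled.
    msg1 = [enc(k1, encode(q)) for q in fw1_discard_prefixes(rules1)]
    secrets.SystemRandom().shuffle(msg1)
    # FW2 builds the prefix families of what each of its rules actually sees.
    fams = [[family(p) for lo, hi in residual(rules2, j) for p in range_to_prefixes(lo, hi)]
            for j in range(len(rules2))]
    flat = [f for fam_list in fams for fam in fam_list for f in fam]
    # Message 2, FW2 -> FW1: single-encrypted family members (flattened, order kept).
    msg2 = [enc(k2, encode(f)) for f in flat]
    # Message 3, FW1 -> FW2: the same values encrypted a second time under k1.
    msg3 = [enc(k1, c) for c in msg2]
    # FW2 double-encrypts FW1's prefixes and compares; commutativity makes equal
    # plaintexts collide regardless of encryption order.
    covered = {enc(k2, c) for c in msg1}
    it = iter(msg3)
    removable = []
    for j, fam_list in enumerate(fams):
        hit_all = True
        for fam in fam_list:
            hits = [next(it) in covered for _ in fam]
            if not any(hits):
                hit_all = False
        # An empty residual is an intra-firewall redundancy, not a cross-domain one.
        if fam_list and hit_all:
            removable.append(j)
    return removable


if __name__ == "__main__":
    print("FW2 rules removable because of FW1:", cooperative_redundancy(RULES1, RULES2))
```

With the constructed policies, FW1 discards 64..191 (prefixes "01" and "10"), so FW2's first two rules, which only ever see packets in that block, are reported as removable, while the rules over 200..255 and 0..63 are kept. The exchange leaks set sizes (how many discard prefixes FW1 holds, how many family members FW2 sends per rule) and the matching side learns which of its prefixes matched; the real protocol has to bound exactly that kind of leakage, and the toy modulus and hash-to-group mapping here are not a substitute for a vetted parameter set.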


In this project, we also propose a novel anomaly management framework for firewalls based on a rule-based segmentation technique, to facilitate not only more accurate anomaly detection but also effective anomaly resolution.

Based on this technique, the network packet space characterized by a firewall policy can be divided into a set of disjoint packet segments. Each segment is associated with a unique set of firewall rules and accurately indicates an overlap relation (either conflicting or redundant) among those rules.
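The segmentation step described above, as an added worked example that is not the project's own code. It assumes a two-field packet space (a source host index 0..255 and a destination port) and a constructed five-rule policy, and cuts the space into elementary cells at every rule boundary; cells matched by the same set of rules form one segment. Segments with more than one rule are labelled "conflicting" when the rules disagree on the action and "redundant" when they agree, which is the overlap relation the text refers to. As a small extension, it also lists rules that never win first-match in any segment, since such a rule can never take effect.

```python
from collections import defaultdict
from itertools import product

# Assumptions for this example: two header fields with these value ranges.
FIELDS = ("src", "dport")
FIELD_MAX = {"src": 255, "dport": 65535}

# Constructed sample policy, first-match order: (per-field inclusive ranges, action).
RULES = [
    ({"src": (10, 20), "dport": (80, 80)}, "accept"),     # r0
    ({"src": (0, 255), "dport": (80, 80)}, "discard"),    # r1 overlaps r0 with a different action
    ({"src": (10, 20), "dport": (443, 443)}, "accept"),   # r2
    ({"src": (15, 30), "dport": (443, 443)}, "accept"),   # r3 overlaps r2 with the same action
    ({"src": (12, 18), "dport": (80, 80)}, "discard"),    # r4 is fully covered by r0 and r1
]


def elementary_intervals(rules, field):
    """Cut one field at every rule boundary into disjoint intervals covering the field."""
    points = {0, FIELD_MAX[field] + 1}
    for pred, _ in rules:
        lo, hi = pred[field]
        points.update((lo, hi + 1))
    points = sorted(points)
    return [(a, b - 1) for a, b in zip(points, points[1:])]


def segment(rules):
    """Partition the packet space into disjoint segments keyed by the set of matching rules.

    Every cell (a product of one elementary interval per field) is matched by
    exactly the rules that contain it, so cells with the same rule set are
    merged into one segment. Cells matched by no rule are dropped.
    """
    grids = [elementary_intervals(rules, f) for f in FIELDS]
    segments = defaultdict(list)
    for cell in product(*grids):
        point = {f: c[0] for f, c in zip(FIELDS, cell)}  # any point of the cell will do
        matched = frozenset(
            i for i, (pred, _) in enumerate(rules)
            if all(pred[f][0] <= point[f] <= pred[f][1] for f in FIELDS)
        )
        if matched:
            segments[matched].append(dict(zip(FIELDS, cell)))
    return dict(segments)


def classify(rules, segments):
    """Label each segment and record which rule wins it under first-match."""
    report = {}
    for rule_set in segments:
        actions = {rules[i][1] for i in rule_set}
        if len(rule_set) == 1:
            kind = "non-overlapping"
        elif len(actions) > 1:
            kind = "conflicting"     # overlapping rules disagree on accept/discard
        else:
            kind = "redundant"       # overlapping rules agree, later ones add nothing here
        report[rule_set] = (kind, min(rule_set))
    return report


def ineffective_rules(rules, report):
    """Rules that never win any segment: every packet they match hits an earlier rule."""
    winners = {winner for _, winner in report.values()}
    return [i for i in range(len(rules)) if i not in winners]


if __name__ == "__main__":
    segs = segment(RULES)
    rep = classify(RULES, segs)
    for rule_set, (kind, winner) in sorted(rep.items(), key=lambda kv: sorted(kv[0])):
        print(sorted(rule_set), kind, "winner r%d" % winner, "cells:", len(segs[rule_set]))
    print("never effective:", ineffective_rules(RULES, rep))
```

On the sample policy this yields six segments: {r0, r1} and {r0, r1, r4} on port 80 are conflicting (accept versus discard), {r2, r3} on port 443 is redundant, and the rest are single-rule segments. r4 never wins a segment, so it can be dropped without changing behaviour; whether a conflicting segment should keep the first-match winner or be reordered is exactly the resolution decision the next paragraph leaves to risk assessment and policy intent.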

We also present a flexible conflict resolution method that enables fine-grained conflict resolution with the help of several effective resolution strategies, taking into account the risk assessment of the protected networks and the intention behind the policy definition.


• Correlation of Packet Space Segment

• Action Constraint Generation

• Rule Reordering

• Data Package

DOWNLOAD: Cross-Domain-Privacy-Preserving-Cooperative-Firewall-Optimization-docx

