PREDICTING FIREWALL RULE RANKING VALUE
1 Assignment
0 Petitions
Accused Products
Abstract
A device may obtain information regarding firewall rules. The information, for a firewall rule of the firewall rules, may include one or more match condition values and a ranking value. The firewall rule may be applicable to packets that are associated with packet information that matches the match condition values. A match condition value may be associated with a match count that identifies a quantity of times that packets match the match condition value. The ranking value may identify a quantity of times that the firewall rule has been applied to the packets. The device may obtain a new firewall rule. The device may predict a ranking value of the new firewall rule based on match condition values of the new firewall rule and/or based on analyzing the information regarding the plurality of firewall rules. The device may perform an action based on the predicted ranking value.
37 Citations
40 Claims
-
1-20. -20. (canceled)
-
21. A device, comprising:
one or more processors to; identify a model trained based on performing an analysis of match counts and ranking values associated with a plurality of firewall rules; receive a new firewall rule associated with one or more match condition values, the one or more match condition values being associated with at least one of the plurality of firewall rules; predict a ranking value corresponding to the new firewall rule using the model; and perform an action on a packet, with regard to the new firewall rule, based on the predicted ranking value. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
28. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to; identify a model trained based on performing an analysis of match counts and ranking values associated with a plurality of firewall rules; receive a new firewall rule associated with one or more match condition values, the one or more match condition values being associated with at least one of the plurality of firewall rules; predict a ranking value corresponding to the new firewall rule using the model; and perform an action on a packet, with regard to the new firewall rule, based on the predicted ranking value. - View Dependent Claims (29, 30, 31, 32, 33, 34)
-
35. A method, comprising:
-
identifying, by a device, a model trained based on performing an analysis of match counts and ranking values associated with a plurality of firewall rules; receiving, by the device, an unimplemented firewall rule associated with one or more match condition values, the one or more match condition values being associated with at least one of the plurality of firewall rules; predicting, by the device, a ranking value corresponding to the unimplemented firewall rule using the model; and performing, by the device and based on the predicted ranking value, an action on a packet with regard to the unimplemented firewall rule. - View Dependent Claims (36, 37, 38, 39, 40)
-
Specification