Method and apparatus for optimizing a firewall

US 7,966,655 B2
Filed: 06/30/2006
Issued: 06/21/2011
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for optimizing a set of rules associated with a firewall security policy, the method comprising:

examining stored characteristics associated with network traffic monitored by a firewall;

determining rule invocation of one or more rules in a first set of rules, with respect to the network traffic, the first set of rules being associated with a firewall security policy;

automatically generating a second set of rules based on the rule invocation, by at least performing an online adaptation technique, wherein performing the online adaptation technique further comprises;

generating a long-term rule hit profile based on traffic variability;

comparing a short-term traffic pattern with the long-term rule hit profile; and

generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile; and

enforcing the firewall security policy, based on the second set of rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method and system for optimizing a first set of rules enforced by a firewall on network traffic. Characteristics of the network traffic are examined and these characteristics are used to generate a second set of rules. The first set of rules may have a different order than the second set of rules.

34 Citations

View as Search Results

24 Claims

1. A method for optimizing a set of rules associated with a firewall security policy, the method comprising:
- examining stored characteristics associated with network traffic monitored by a firewall;
  
  determining rule invocation of one or more rules in a first set of rules, with respect to the network traffic, the first set of rules being associated with a firewall security policy;
  
  automatically generating a second set of rules based on the rule invocation, by at least performing an online adaptation technique, wherein performing the online adaptation technique further comprises;
  
  generating a long-term rule hit profile based on traffic variability;
  
  comparing a short-term traffic pattern with the long-term rule hit profile; and
  
  generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile; and
  
  enforcing the firewall security policy, based on the second set of rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the step of enforcing the firewall security policy further comprises enforcing, by the firewall, the second set of rules on the network traffic.
  - 3. The method of claim 1 further comprising removing redundancies in the first set of rules.
  - 4. The method of claim 1 further comprising generating a disjoint rule set from the first set of rules.
  - 5. The method of claim 4 further comprising removing dependencies from the first set of rules.
  - 6. The method of claim 5 further comprising creating new rules.
  - 7. The method of claim 4 further comprising merging rules to generate a rule set based optimized set of rules.
  - 8. The method of claim 1 wherein performing the online adaptation technique further comprises performing at least one of profile based reordering and anomaly detection and countermeasure.
  - 9. The method of claim 1 wherein the second set of rules has a different order than the first set of rules.

10. A firewall enforcing a set of rules associated with a firewall security policy, the firewall comprising:
- a traffic based optimizer configured to;
  
  examine stored characteristics associated with network traffic monitored by the firewall;
  
  determine rule invocation of one or more rules in a first set of rules with respect to the network traffic, the first set of rules being associated with a firewall security policy; and
  
  automatically generate a second set of rules based on the rule invocation, by at least performing an online adaptation technique comprising generating a long-term rule hit profile based on traffic variability, comparing a short-term traffic pattern with the long-term rule hit profile, and generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile;
  
  the firewall configured to enforce the firewall security policy, based on the second set of rules.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The firewall of claim 10 further comprising a rule set based optimizer configured to remove redundancies in the first set of rules.
  - 12. The firewall of claim 10 further comprising a rule set based optimizer configured to generate a disjoint rule set from the first set of rules.
  - 13. The firewall of claim 12 wherein the rule set based optimizer is configured to remove dependencies from the first set of rules.
  - 14. The firewall of claim 12 wherein the rule set based optimizer is configured to create new rules.
  - 15. The firewall of claim 12 wherein the rule set based optimizer is configured to merge rules to generate a rule set based optimized set of rules.
  - 16. The firewall of claim 15 wherein traffic based optimizer is configured to perform at least one of profile based reordering and anomaly detection and countermeasure on the rule set based optimized set of rules to generate the second set of rules.
  - 17. The firewall of claim 10 wherein the first set of rules has a different order than the second set of rules.

18. A firewall enforcing a set of rules associated with a firewall security policy, the firewall comprising:
- means for examining stored characteristics associated with network traffic monitored by the firewall;
  
  means for determining rule invocation of one or more rules in a first set of rules with respect to the network traffic, the first set of rules being associated with a firewall security policy;
  
  means for automatically generating a second set of rules based on the rule invocation, by at least performing an online adaptation technique, wherein the means for performing an online adaptation technique further comprises;
  
  means for generating a long-term rule hit profile based on traffic variability;
  
  means for comparing a short-term traffic pattern with the long-term rule hit profile; and
  
  means for generating the second set of rules when a discrepancy is detected between the short-term traffic pattern and the long-term rule hit profile; and
  
  means for enforcing the firewall security policy, based on the second set of rules.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The firewall of claim 18 further comprising means for removing redundancies in the first set of rules.
  - 20. The firewall of claim 18 further comprising means for generating a disjoint rule set from the first set of rules.
  - 21. The firewall of claim 20 further comprising means for removing dependencies from the first set of rules.
  - 22. The firewall of claim 21 further comprising means for creating new rules.
  - 23. The firewall of claim 20 further comprising means for merging rules to generate a rule set based optimized set of rules.
  - 24. The firewall of claim 18 wherein the means for performing the online adaptation technique further comprises means for performing at least one of profile based reordering and anomaly detection and countermeasure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Acharya, Subrata, Ge, Zihui, Wang, Jia, Greenberg, Albert Gordon
Primary Examiner(s)
Dinh; Minh

Application Number

US11/478,829
Publication Number

US 20080005795A1
Time in Patent Office

1,817 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

Method and apparatus for optimizing a firewall

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for optimizing a firewall

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links