
Sample Firewall Rules

RID  Protocol  SIP            SPort  DIP            DPort  Action
1    TCP       192.4.4.44     45     192.4.4.18     53     Allow
2    TCP       192.4.4.44     45     192.4.4.18     53     Deny
3    TCP       192.4.4.28     515    192.4.4.50     45     Allow
4    TCP       192.4.4.20/40  8080   192.4.4.10/52  143    Allow
5    TCP       192.4.4.20/30  8080   192.4.4.10/50  143    Deny
6    TCP       192.4.4.38     8080   192.4.4.10/52  143    Allow
7    TCP       192.4.4.38     8080   192.4.4.10/52  143    Deny
8    TCP       192.4.4.15     80     192.4.4.11/52  45     Deny
9    TCP       192.4.4.23/35  8080   192.4.4.38     143    Deny
10   TCP       192.4.4.15     80     192.4.4.40     45     Allow

Precedence Relation

Rule ID Precedence Relation


1 [2]
2 []
3 []
4 [5, 7, 9]
5 []
6 [7]
7 []
8 [10]
9 []
10 []

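First, compute the matching probability:

$$P(r_i) = p_i = \frac{\sum_{j=i+1}^{N} \eta_{ij}}{N}$$

$$\eta_{ij} = \frac{\sum_{f=1}^{M} \delta_{ij}^{f}}{M}$$

P(r1) = (𝜂𝑖𝑗(r1,r2) + 𝜂𝑖𝑗(r1,r3) + 𝜂𝑖𝑗(r1,r4) + 𝜂𝑖𝑗(r1,r5) + … + 𝜂𝑖𝑗(r1,r10)) / 10

𝜂𝑖𝑗(r1,r2) is the count of matching fields divided by the number of fields.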

R1 TCP 192.4.4.44 45 192.4.4.18 53

R2 TCP 192.4.4.44 45 192.4.4.18 53

𝜂𝑖𝑗 (r1,r2) = 5/5 = 1

𝜂𝑖𝑗 (r1,r3)

R1 TCP 192.4.4.44 45 192.4.4.18 53

R3 TCP 192.4.4.28 515 192.4.4.50 45

𝜂𝑖𝑗 (r1,r3) = 1/5 = 0.2

𝜂𝑖𝑗 (r1,r4)

R1 TCP 192.4.4.44 45 192.4.4.18 53

R4 TCP 192.4.4.20/40 8080 192.4.4.10/52 143

𝜂𝑖𝑗 (r1,r4) = 2/5 = 0.4

𝜂𝑖𝑗 (r1,r5) : 2/5 = 0.4

𝜂𝑖𝑗 (r1,r6) : 2/5 = 0.4

𝜂𝑖𝑗 (r1,r7) : 2/5 = 0.4

𝜂𝑖𝑗 (r1,r8): 2/5 = 0.4

𝜂𝑖𝑗 (r1,r9) : 1/5 = 0.2


𝜂𝑖𝑗 (r1,r10) : 1/5 = 0.2

P(r1) = sum of all 𝜂𝑖𝑗 / 9

P(r1) = (1.0 + 0.2 + 0.4 + 0.4 + 0.4 + 0.4 + 0.4 + 0.2 + 0.2) / 9 = 3.6 / 9 = 0.4

Likewise, compute the matching probability for all rules.

Rule ID Matching Probability


1 0.4
2 0.325
3 0.486
4 0.8
5 0.52
6 0.653
7 0.53
8 0.7
9 0.2
10 0.0

Find the precedence connection between rules:

$$P_m(i) = \frac{\sum_{j=1}^{N} \rho_{ij}}{N}$$

$$\rho_{ij} = \begin{cases} 1, & \text{if } r_i \text{ precedes } r_j \\ 0, & \text{otherwise} \end{cases}$$

Precedence matrix

Rules  1  2  3  4  5  6  7  8  9  10  Sum  Pm(i)
1      0  1  0  0  0  0  0  0  0  0   1    0.1
2      0  0  0  0  0  0  0  0  0  0   0    0
3      0  0  0  0  0  0  0  0  0  0   0    0
4      0  0  0  0  1  0  1  0  1  0   3    0.3
5      0  0  0  0  0  0  0  0  0  0   0    0
6      0  0  0  0  0  0  1  0  0  0   1    0.1
7      0  0  0  0  0  0  0  0  0  0   0    0
8      0  0  0  0  0  0  0  0  0  1   1    0.1
9      0  0  0  0  0  0  0  0  0  0   0    0
10     0  0  0  0  0  0  0  0  0  0   0    0

For Rule-1

Weight-1 = P(r_i) + Pm(i) = 0.4 + 0.1 = 0.5

If Pm(i) > 0, Weight-2 = p_i + Pm(i); else Weight-2 = 0.

Weight-2 = 0.5

For Rule-2

Weight-1 = 0.325

Weight-2 = 0

Rules weight

Rule ID Weight-1 Weight-2


1 0.5 0.5
2 0.325 0.0
3 0.4857 0.0
4 1.1 1.1
5 0.52 0.0
6 0.75 0.75
7 0.5333 0.0
8 0.7999 0.7999
9 0.2 0.0
10 0.0 0.0

Sort the rules by weight in descending order to get the rule order:

Weight-1 r4 r8 r6 r7 r5 r1 r3 r2 r9 r10

Weight-2 r4 r8 r6 r1 r2 r3 r5 r7 r9 r10

$$\psi = \sum_{i=1} RI_i \, \omega_i$$

For weight-1: 4*1.1 + 8*0.799 + 6*0.75 + 7*0.533 + … + 9*0.2 + 10*0 = 26.04

For weight-2: 4*1.1 + 8*0.799 + 6*0.75 + 1*0.5 + … + 9*0.0 + 10*0 = 15.8

The ordering with the minimum 𝜓 is taken, so the optimal order is

Weight-2 r4 r8 r6 r1 r2 r3 r5 r7 r9 r10

These sorted rule indexes are given as the input to the PSO for rule optimization.
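The whole procedure above, from field matching to the selected order, as an added Python example (not code from the original document). The function names are hypothetical. It assumes that "192.4.4.a/b" denotes the last-octet range a..b, that two address fields match when their ranges overlap, and that P(r_i) is divided by the number of later rules, as in the worked 3.6 / 9 calculation for rule 1.

```python
# Added example: rule table and precedence lists copied from the page.
# Assumption: "192.4.4.a/b" is the last-octet range a..b; address fields match on overlap.
RULES = {
    1: ("TCP", "192.4.4.44", 45, "192.4.4.18", 53),
    2: ("TCP", "192.4.4.44", 45, "192.4.4.18", 53),
    3: ("TCP", "192.4.4.28", 515, "192.4.4.50", 45),
    4: ("TCP", "192.4.4.20/40", 8080, "192.4.4.10/52", 143),
    5: ("TCP", "192.4.4.20/30", 8080, "192.4.4.10/50", 143),
    6: ("TCP", "192.4.4.38", 8080, "192.4.4.10/52", 143),
    7: ("TCP", "192.4.4.38", 8080, "192.4.4.10/52", 143),
    8: ("TCP", "192.4.4.15", 80, "192.4.4.11/52", 45),
    9: ("TCP", "192.4.4.23/35", 8080, "192.4.4.38", 143),
    10: ("TCP", "192.4.4.15", 80, "192.4.4.40", 45),
}
PRECEDES = {1: [2], 4: [5, 7, 9], 6: [7], 8: [10]}  # rules with an empty list omitted
N = len(RULES)

def span(addr):
    """Return (prefix, low, high) for '192.4.4.44' or '192.4.4.20/40'."""
    prefix, _, last = addr.rpartition(".")
    low, _, high = last.partition("/")
    return prefix, int(low), int(high or low)

def field_match(a, b):
    if isinstance(a, str) and "." in a:          # address field: range overlap
        (pa, la, ha), (pb, lb, hb) = span(a), span(b)
        return pa == pb and la <= hb and lb <= ha
    return a == b                                # protocol and ports: equality

def eta(i, j):
    """Fraction of the M = 5 fields on which rules i and j match."""
    return sum(field_match(a, b) for a, b in zip(RULES[i], RULES[j])) / 5

def p(i):
    """Matching probability: mean eta over the rules that follow rule i."""
    later = range(i + 1, N + 1)
    return sum(eta(i, j) for j in later) / len(later) if later else 0.0

def pm(i):  # precedence probability: share of the N rules that rule i precedes
    return len(PRECEDES.get(i, [])) / N

def weights(i):
    w1 = p(i) + pm(i)
    return w1, (w1 if pm(i) > 0 else 0.0)        # (weight-1, weight-2)

def order_and_psi(k):
    """Rule ids sorted by weight k (0 or 1) descending, and psi = sum(id * weight)."""
    w = {i: weights(i)[k] for i in RULES}
    return sorted(RULES, key=lambda i: -w[i]), sum(i * w[i] for i in RULES)
```

Under the overlap assumption rule 5 evaluates to 0.68 instead of the table's 0.52, which changes the weight-1 order but not the selected weight-2 order or its 𝜓 of 15.8.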
