Optimizations and Analysis in Firewall Anomaly Resolution

The purpose of this thesis is to find an optimized algorithm to detect and solve anomalies and conflicts inside network firewalls by interrogating the administrator with the minimum number of queries possible. Anomalies and conflicts between rules inside firewalls may arise due to the wrong rules’ priority order, or some rules may become obsolete and they should be removed, there could also be mistakes such as duplication of rules, etc. After studying all the relationship cases between the rules and how they could generate conflicts and which type of conflicts, it was defined a semantic to query the network administrator, such that it meets the desired requirements and then it was designed an algorithm. In the theoretical algorithm it is used a SAT solver in which you force the constraint in order to reach the minimum number of queries. In the code implementation it is used the Java language, with the assume that in some cases it may not be optimal, but it requires one more cycle than the minimum number. Therefore, the algorithm is able to first determine clusters of rules inside a firewall that interact with each other, detect the potential conflicts within them and solve the conflicts in an efficient way.