[1] CHESWICK W, BELLOVIN S, RUBIN A. Firewalls and Internet security: repelling the Wily hacker [M]. Boston: Addison-Wesley Professional, 2003: 175-176. [2] WOOL A. A quantitative study of firewall configuration errors[J]. Computer, 2004, 37(6): 62-67. [3] AL-SHAER E, HAMED H. Firewall policy advisor for anomaly discovery and rule editing[C]// Proceedings of the 8th IFIP/IEEE International Symposium on Integrated Management. Colorado Springs: Kluwer Academic Publishers, 2003: 17-30. [4] AL-SHAER E, HAMED H. Modeling and management of firewall policies[J]. IEEE Transactions on Network and Service Management, 2004, 1(1): 2-10. [5] AL-SHAER E, HAMED H. Discovery of policy anomalies in distributed firewalls[C]// Proceedings of the 23rd Annual Joint Conference of the IEEE Computer and Communications Societies. Piscataway: IEEE, 2004: 2605-2626. [6] AL-SHAER E, HAMED H. Conflict classification and analysis of distributed firewall policies[J]. IEEE Journal on Selected Areas in Communication, 2005, 23(10): 2069-2084. [7] YUAN L, MAI J, SU Z, CHEN H, et al. FIREMAN: a toolkit for firewall modeling and analysis[C]// Proceedings of the 2013 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 2006: 199-213. [8] THANASEGARAN S, YIN Y, TATEIWA Y, et al. A topology based conflict detection system for firewall policies using bit-vector-based spatial calculus[J]. International Journal of Communications, Network and System Sciences, 2011, 4(11): 683-695. [9] HU H, AHN G, KULKARNI K. Detecting and resolving firewall policy anomalies[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(3): 318-331. [10] XIAO Q, QIN Y, YANG W, et al. MapReduce-based parallelization model for firewall policy conflict detecting and resolving [J]. Computer Science, 2013, 40(3): 50-54. (肖淇, 秦云川, 阳王东, 等. 一种基于MapReduce的防火墙策略冲突并行化检测及消解模型[J]. 计算机科学, 2013, 40(3): 50-54.) [11] BASILE C, CAPPADONIA A, LIOY A. Network-level access control policy analysis and transformation[J]. IEEE/ACM Transactions on Networks, 2012, 20(4): 985-998. [12] O'SULLIVAN B, GOERZEN J, STEWART D. Real world Haskell[M]. Sebastopol: O'Reilly Media, 2008: 71-76. [13] The FreeBSD Documentation. FreeBSD handbook[EB/OL].[2015-04-28]. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/. [14] ANDEREASSON O. Iptables tutorial[EB/OL]. [2015-04-28].https://www.frozentux.net/documents/iptables-tutorial/. [15] YIN Y, KATAYAMA Y, TAKAHASHI N. Detection of conflicts caused by a combination of filters based on spatial relationships[J].Journal of Information Processing, 2008, 49(9): 3121-3135. [16] The Snort Project. Snort users manual 2.9.7[EB/OL]. [2015-04-28]. http://manual.snort.org/ [17] OREBAUGH A, BILES S, BABBIN J. Snort cookbook[M]. Sebastopol: O'Reilly Media, 2005: 90-120. |