Title of invention MULTI-DIMENSIONAL GEOMETRY FOR ENHANCEMENT OF SIMULATIONS OF NETWORK DEVICES
Abstract A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices is provided. The computer-implemented method includes receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges. The computer-implemented method further includes representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space. The computer-implemented method further includes subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges. The computer-implemented method further includes decomposing the obtained concave shape into multiple convex shapes that satisfy a set of predetermined input conditions.
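Application publication number US2016182555(A1) Application publication date 2016.06.23
Application number US201414580272 Filing date 2014.12.23
Applicant International Business Machines Corporation Inventor Grzelak Cezar P.
Classification H04L29/06;H04L12/24 Main classification H04L29/06
Agency Agent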
Independent claim 1. A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices, the computer-implemented method comprising: receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges, wherein the traffic simulation is filtered by access control lists and routing tables of the network devices; representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space; subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges, based on the input object and access control list rules and route tables; and decomposing the obtained concave shape into multiple convex shapes, each representing a single set of the host, port, protocol, application and vulnerability ranges that satisfy a set of predetermined input conditions.
Address Armonk NY US
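
The subtraction and decomposition steps named in the abstract and claim 1, as an added Python sketch that is not taken from the patent. It assumes five dimensions (application and vulnerability would be further ranges), treats the ACL rule as a single deny cuboid, and uses a slab-by-dimension split as one possible decomposition; all addresses, ports and function names are constructed for illustration.

```python
from ipaddress import ip_network

# A box is a tuple of inclusive (lo, hi) integer ranges, in the assumed order:
# source host, destination host, source port, destination port, protocol.

def host_range(cidr):
    """Turn a CIDR block into an inclusive integer range."""
    net = ip_network(cidr)
    return (int(net.network_address), int(net.broadcast_address))

def intersect(a, b):
    """Intersection of two boxes (the blocked traffic), or None if disjoint."""
    out = tuple((max(al, bl), min(ah, bh)) for (al, ah), (bl, bh) in zip(a, b))
    return None if any(lo > hi for lo, hi in out) else out

def subtract(box, cut):
    """Return disjoint convex boxes that together cover box minus cut."""
    hit = intersect(box, cut)
    if hit is None:
        return [box]           # the rule does not touch this traffic
    pieces, rest = [], list(box)
    for d, (lo, hi) in enumerate(hit):
        blo, bhi = rest[d]
        if blo < lo:           # slab below the cut in dimension d
            pieces.append(tuple(rest[:d] + [(blo, lo - 1)] + rest[d + 1:]))
        if hi < bhi:           # slab above the cut in dimension d
            pieces.append(tuple(rest[:d] + [(hi + 1, bhi)] + rest[d + 1:]))
        rest[d] = (lo, hi)     # narrow to the cut before the next dimension
    return pieces

def permitted(input_box, deny_rules):
    """Subtract every deny rule from the input, keeping convex pieces."""
    shapes = [input_box]
    for rule in deny_rules:
        shapes = [p for s in shapes for p in subtract(s, rule)]
    return shapes

def volume(box):
    """Number of distinct host/port/protocol combinations in a box."""
    n = 1
    for lo, hi in box:
        n *= hi - lo + 1
    return n

# Constructed sample: simulated TCP traffic and one deny rule (ports 22-23).
TRAFFIC = (host_range("10.0.0.0/24"), host_range("192.0.2.0/28"),
           (1024, 65535), (1, 1024), (6, 6))
DENY = (host_range("10.0.0.128/25"), host_range("192.0.2.0/28"),
        (0, 65535), (22, 23), (6, 6))
ALLOWED = permitted(TRAFFIC, [DENY])
```

Each box in `ALLOWED` is a single set of ranges, so it can be fed unchanged to the next simulated device's rules.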