Determining Similarity Between Security Rules Based On Weighted Comparisons Of Their Rule Parameters

摘要

First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.

主权项

1. A computer implemented method comprising:
accessing a first security rule and a second security rule from a configuration file stored in a memory, each of the first and the second security rules including multiple rule parameters to cause a security appliance to apply an access control when a source attempts to access a destination; determining comparison points for comparing the first and the second security rules, each comparison point identifying respective rule parameters of the first and the second security rules; assigning respective weights to the comparison points; comparing, for each comparison point, the respective rule parameters against each other to produce a corresponding comparison score indicative of a level of similarity; weighting each comparison score by a weight assigned to the comparison point corresponding to the comparison score; combining the weighted comparison scores into a total score indicative of an overall level of similarity between the first and the second security rules; and classifying the first and the second security rules as identical or similar to each other based on the total score.