Towards a Usable Anomaly Diagnosis System among Internet Firewalls’ Rules

Chi-Shih Chao, Stephen J. H. Yang

Abstract


While configuring firewalls, rule editing, ordering, and distribution must be done with extreme care on each of the cooperating firewalls. Network operators are nonetheless prone to misconfiguring them, because a single firewall commonly carries hundreds of thousands of filtering rules (the rules in its Access Control List, or ACL, file), and rules on different firewalls can also affect one another. To make the crucial but laborious inspection of firewall rule configuration effective and efficient, this paper describes two diagnosis mechanisms we developed that quickly discover rule anomalies within and among firewalls, built on two new data structures: the Rule Anomaly Relationship tree (RAR tree) and the Adaptive RAR tree (ARAR tree). With these data structures and their associated algorithms, the two mechanisms show significant improvements in performance and scalability for rule anomaly diagnosis on Internet firewalls.
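The abstract does not define what a "rule anomaly" is or show the baseline the tree structures improve on. The following Python is an added example (not code from the paper, and not the RAR/ARAR-tree mechanism, whose internals are not described on this page). It uses the widely cited four-way taxonomy of intra-firewall anomalies (shadowing, redundancy, generalization, correlation) and compares every ordered pair of rules, which is the O(n^2) pairwise check that a tree-based diagnosis is meant to replace. The rule fields (protocol, source and destination prefix, destination port range, action) and the sample ACL are assumptions constructed for the example.

```python
"""Pairwise anomaly diagnosis over an ordered firewall ACL (added example).

Not the paper's RAR/ARAR-tree mechanism: this is the O(n^2) pairwise
baseline using the common four-way anomaly taxonomy. Rule fields and the
sample ACL below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

EQ, SUB, SUP, PART, DISJ = "eq", "sub", "sup", "part", "disj"


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source CIDR prefix
    dst: str                 # destination CIDR prefix
    dport: Tuple[int, int]   # inclusive destination port range
    action: str              # "allow" or "deny"


def _rel_range(a: Tuple[int, int], b: Tuple[int, int]) -> str:
    """Relation of integer range a to b: eq, sub (a inside b), sup, part, disj."""
    if a == b:
        return EQ
    if b[0] <= a[0] and a[1] <= b[1]:
        return SUB
    if a[0] <= b[0] and b[1] <= a[1]:
        return SUP
    if a[1] < b[0] or b[1] < a[0]:
        return DISJ
    return PART


def _rel_net(a: str, b: str) -> str:
    """CIDR blocks either nest or are disjoint; compare them as address ranges."""
    na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
    if na.version != nb.version:
        return DISJ
    return _rel_range((int(na.network_address), int(na.broadcast_address)),
                      (int(nb.network_address), int(nb.broadcast_address)))


def _rel_proto(a: str, b: str) -> str:
    if a == b:
        return EQ
    if b == "any":
        return SUB
    if a == "any":
        return SUP
    return DISJ


def relation(a: Rule, b: Rule) -> str:
    """Set relation of the packets matched by rule a to those matched by rule b."""
    rels = [_rel_proto(a.proto, b.proto), _rel_net(a.src, b.src),
            _rel_net(a.dst, b.dst), _rel_range(a.dport, b.dport)]
    if DISJ in rels:          # disjoint in any one field means no packet hits both
        return DISJ
    if all(r == EQ for r in rels):
        return EQ
    if all(r in (EQ, SUB) for r in rels):
        return SUB
    if all(r in (EQ, SUP) for r in rels):
        return SUP
    return PART


def diagnose(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (anomaly, earlier_rule, later_rule) for every anomalous ordered pair."""
    findings = []
    for i, earlier in enumerate(rules):
        for j in range(i + 1, len(rules)):
            later = rules[j]
            rel = relation(later, earlier)
            same = later.action == earlier.action
            if rel == DISJ:
                continue
            if rel in (EQ, SUB):
                # later is fully covered: it never matches (shadowing) or never
                # changes the decision (redundancy) and can be deleted
                findings.append(("redundancy" if same else "shadowing",
                                 earlier.name, later.name))
            elif rel == SUP:
                if not same:
                    # earlier is an exception carved out of later; legal, but review it
                    findings.append(("generalization", earlier.name, later.name))
                elif not any(r.action != earlier.action and relation(earlier, r) != DISJ
                             for r in rules[i + 1:j]):
                    # earlier is removable only if no rule between the two overrides
                    # part of it with a different action
                    findings.append(("redundancy", earlier.name, later.name))
            elif not same:
                # partial overlap with conflicting actions: ordering decides the outcome
                findings.append(("correlation", earlier.name, later.name))
    return findings


# Constructed sample ACL (not from the paper), ordered as the firewall evaluates it.
SAMPLE_ACL = [
    Rule("r1", "tcp", "10.1.0.0/16", "192.168.1.10/32", (80, 80), "deny"),
    Rule("r2", "tcp", "10.0.0.0/8", "192.168.1.0/24", (80, 80), "allow"),
    Rule("r3", "tcp", "10.1.2.0/24", "192.168.1.0/24", (80, 80), "deny"),
    Rule("r4", "tcp", "10.2.0.0/16", "192.168.1.0/24", (80, 80), "allow"),
    Rule("r5", "udp", "10.0.0.0/8", "192.168.1.0/24", (53, 53), "allow"),
    Rule("r6", "udp", "10.1.0.0/16", "192.168.0.0/16", (53, 53), "deny"),
    Rule("r7", "udp", "10.0.0.0/8", "192.168.0.0/16", (53, 53), "allow"),
]

if __name__ == "__main__":
    for kind, a, b in diagnose(SAMPLE_ACL):
        print(f"{kind:14s} {a} -> {b}")
```

On the sample ACL the checker reports r3 as shadowed by r2 (it can never match, so its deny is silently lost), r4 as redundant to r2, r1 and r6 as exceptions generalized by r2 and r7, and r5/r6 as correlated with conflicting actions. r5 is not reported redundant to r7 even though r7 covers it with the same action, because r6 sits between them and denies part of r5's traffic. Every pair is compared, so the cost grows quadratically with the rule count, which is exactly the scaling problem that motivates the tree structures in the abstract.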


Citation Format:
Chi-Shih Chao, Stephen J. H. Yang, "Towards a Usable Anomaly Diagnosis System among Internet Firewalls' Rules," Journal of Internet Technology, vol. 20, no. 3, pp. 789-799, May 2019.


Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Library and Information Center, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan, R.O.C.
Tel: +886-3-931-7017  E-mail: jit.editorial@gmail.com