Producing Security Policy of IPSec Based on Improved λ-ID3 Algorithm

IPSec is a policy-driven security mechanism. How to quickly generate corresponding security policy due to the diversity of network security is one of the core issues of IPSec. Although IPSec supports a rich set of protection modes and operations, its policy configuration remains an inefficient and error-prone task in the dynamic conditions. In this article, we propose an IPSec policy engine which can generate dynamically and store the security policy of IPSec under different algorithms. Furthermore, we extend a novel ID3 algorithm to automatically generate correct policies. The algorithm, which introduces the dynamic parameter-- importance factor λ when calculating the information entropy, can overcome the flaw of traditional ID3 algorithm that tends to choose attributes that have more values, and improve the efficiency and flexibility of IPSec security policy, and better meet the actual situation.