Fault detection in Rule-based Software systems

Abstract Motivated by packet filtering of firewall systems in Internet applications, we study the fault detection problem in the general Rule-based Software systems. We discuss algorithms for the detection of conflicts in a given set of rules. We first study a constrained version of the fault detection problem and propose a two-phase algorithm. The first phase is to do the rule normalization. The second phase is to detect conflicting rules. For this constrained version of the fault detection problem, the algorithm takes polynomial time. For the general problem, it is NP-hard. We apply the algorithms to the Rule Table getting from one of the firewalls in Bell Labs and report the experiment result.

[1]  Christos H. Papadimitriou,et al.  Elements of the Theory of Computation , 1997, SIGA.

[2]  C. S. Hood,et al.  Proactive network-fault detection [telecommunications] , 1997 .

[3]  David Lee,et al.  Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[4]  Chuanyi Ji,et al.  Proactive network fault detection , 1997, Proceedings of INFOCOM '97.

[5]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[6]  M. Morris Mano,et al.  Computer Logic Design , 1972 .

[7]  Robert H. Deng,et al.  Models and algorithms for network fault detection and identification: a review , 1992, [Proceedings] Singapore ICCS/ISITA `92.

[8]  David Lee,et al.  SOCRATES on IP router fault detection , 2000, Globecom '00 - IEEE. Global Telecommunications Conference. Conference Record (Cat. No.00CH37137).