Searching security policy with acyclic directed graphs

Xiaorong Cheng¹, Sizu Hou²

¹ Department of Computer Science, North China Electric Power University, Baoding 071000, China
² Department of Electronic & Communication Engineering, North China Electric Power University, Baoding 071000, China

To improve the efficiency of policy searching, a method based on a weighted directed graph is studied. By treating security states as vertices and trigger conditions as edges, the security policy knowledge base can be described as an acyclic weighted directed graph. First, the graph is divided into areas, each with just an initial state node and a termination state node. Second, a weight is set for each edge according to the frequency of its trigger condition, and the optimal path from the initial state node to the termination state node is found using the A* algorithm. Finally, all state nodes are reordered on the basis of their optimal path to build an adjacency matrix, and a depth-first traversal of that matrix is used to search policies. Experiments showed that this method improved policy search efficiency.
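The steps in the abstract, applied to a single area, as an added Python sketch (not the authors' code). The state names, trigger frequencies, the 1/frequency edge cost, the zero heuristic for A*, and the "optimal-path states first" reordering rule are all assumptions, since the abstract specifies none of them.

```python
import heapq

# Constructed sample: states are vertices, trigger conditions are edges,
# and each edge carries how often its trigger condition fired.
FREQ = {("init", "scan"): 5, ("init", "login_fail"): 40,
        ("scan", "probe"): 3, ("probe", "enum"): 2, ("enum", "block"): 4,
        ("login_fail", "lockout"): 30, ("lockout", "block"): 25}
STATES = ["init", "scan", "probe", "enum", "login_fail", "lockout", "block"]

def a_star(freq, start, goal, h=lambda s: 0.0):
    # Assumptions: edge cost = 1/frequency, and h = 0 (admissible), since
    # the abstract gives neither the weight formula nor the heuristic.
    heap, best = [(h(start), 0.0, start, [start])], {start: 0.0}
    while heap:
        _, g, node, path = heapq.heappop(heap)
        if node == goal:
            return path
        for (u, v), f in freq.items():
            ng = g + 1.0 / f
            if u == node and ng < best.get(v, float("inf")):
                best[v] = ng
                heapq.heappush(heap, (ng + h(v), ng, v, path + [v]))
    return None

def reorder(states, path):
    # Optimal-path states first, the rest in their original order.
    return path + [s for s in states if s not in path]

def adjacency(order, freq):
    idx = {s: i for i, s in enumerate(order)}
    m = [[0] * len(order) for _ in order]
    for u, v in freq:
        m[idx[u]][idx[v]] = 1
    return m

def dfs_visits(order, matrix, start, goal):
    # Depth-first traversal in matrix column order; returns the states
    # visited up to and including the goal.
    seen, stack = [], [order.index(start)]
    while stack:
        i = stack.pop()
        if order[i] in seen:
            continue
        seen.append(order[i])
        if order[i] == goal:
            return seen
        stack.extend(j for j in reversed(range(len(order))) if matrix[i][j])
    return seen
```

Calling `dfs_visits` on the matrix built from `STATES` and again on the matrix built from `reorder(STATES, a_star(FREQ, "init", "block"))` shows the traversal reaching the termination state in fewer visits once the frequently triggered path is ordered first.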