The Boeing Company
Network address translation and service aware rule generation

Abstract:

A method for generating a security policy for a network includes classifying a sample of network flows into at least one flow type selected from a group including a service flow, mirror flow, network address translation flow, and arbitrary flow; grouping the network flows based on flow type and one or more of an associated service port, source port, and destination port. Network security rules for the network are automatically generated based on the groups of network flows. The network security rules may further be transformed into a security policy and configuration files.