A comprehensive objective network security metric framework for proactive security configuration
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Fast Packet Classification Using Condition Factorization
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Firewall packet filtering optimization using statistical traffic awareness test
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.07 |
Packet matching plays a critical role in the performance of many network devices and a tremendous amount of research has already been invested to come up with better optimized packet filters. However, most of the related works use deterministic techniques and do not exploit the traffic characteristics in their optimization schemes. In addition, most packet classifiers give no specific consideration for optimizing packet rejection, which is important for many filtering devices like firewalls. Our contribution in this paper is twofold. First, we present a novel algorithm for maximizing early rejection of unwanted flows with minimal impact on other flows. Second, we present a new packet filtering dynamic optimization technique that uses statistical search trees to utilize traffic characteristics and minimize the average packet matching time. The proposed techniques timely adapt to changes in the traffic conditions by performing simple calculations for optimizing the search data structure. Our techniques are practically attractive because they exhibit simple-to-implement and easy-to-deploy algorithms. Our extensive evaluation study using Internet traces shows that the proposed techniques can significantly minimize the packet filtering time with reasonable memory space requirements