
CIIT
2007

Linear-tree rule structure for firewall optimization

Given a list of filtering rules with individual hitting probabilities, it is known that the average processing time of a linear-search based firewall can be minimized by searching rules in some appropriate order. This paper proposes a new yet simple technique called the linear-tree structure. It utilizes an advanced feature of modern firewalls, the “goto”-like statement, to transform the given rule list into a rule set that is functionally equivalent to the original but organized in a more efficient structure. We show it is possible to achieve much more improvement than previous, rule-reordering based studies. To demonstrate this, we study it by both simulation experiments and tests with a real firewall.

KEY WORDS: firewall, packet filter, firewall optimization, linear search, packet filtering, network security
Liang Zhao, A. Shimae, Hiroshi Nagamochi
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2007
Where CIIT
Authors Liang Zhao, A. Shimae, Hiroshi Nagamochi