Linear-tree rule structure for firewall optimization
Authors
Abstract
Given a list of filtering rules with individual hitting probabilities, it is known that the average processing time of a linear-search based firewall can be minimized by searching the rules in an appropriate order. This paper proposes a new yet simple technique called the linear-tree structure. It uses an advanced feature of modern firewalls, the “goto”-like statement, to transform the given rule list into a rule set that is functionally equivalent to the original but organized in a more efficient structure. We show that it is possible to achieve much more improvement than previous studies based on rule reordering. To demonstrate this, we evaluate the technique both by simulation experiments and by tests on a real firewall.
Similar resources
Hybrid Tree-rule Firewall for High Speed Data Transmission
Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts and slow down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates fas...
Improving cloud network security using the Tree-Rule firewall
This study proposes a new model of firewall called the ‘Tree-Rule Firewall’, which offers various benefits and is applicable to large networks such as ‘cloud’ networks. The recently available firewalls (i.e., Listed-Rule firewalls) have limitations in performing their tasks and are inapplicable to some networks with huge firewall rule sizes. The Listed-Rule firewall is mathemati...
MMDT: Multi-Objective Memetic Rule Learning from Decision Tree
In this article, a Multi-Objective Memetic Algorithm (MA) for rule learning is proposed. Prediction accuracy and interpretation are two measures that conflict with each other. In this approach, we consider accuracy and interpretation of rules sets. Additionally, individual classifiers face other problems such as huge sizes, high dimensionality and imbalance classes’ distribution data sets. This...
Optimization of Network Firewall Policies using Directed Acyclical Graphs
This paper introduces a new method to improve the performance of list-oriented firewall systems. Specifically, the paper addresses reordering a firewall rule set to minimize the average number of comparisons needed to determine the action, while maintaining the integrity of the original policy. Integrity is preserved if the reordered and original rules always arrive at the same result given a packet. ...
Use of Formal models for the Firewall Policy Optimization
Firewalls are the core elements in network security and access control. A firewall controls the flow of traffic between different areas of your network. It uses a rule set called a firewall policy for this purpose. However, as the size of the rule set increases, specification and verification of the firewall rules become complicated and error-prone. This paper serves to provide an overview of the re...