Title :
Packet flow histograms to improve firewall efficiency
Author :
Trabelsi, Zouheir ; Zhang, Liren ; Zeidan, Safaa
Author_Institution :
Fac. of Inf. Technol., UAE Univ., Al Ain, United Arab Emirates
Abstract :
This paper presents a novel mechanism based on the histograms of packet filtering, which are able to effectively monitor firewall performance in real-time and to predict the patterns of packet filtering in terms of rules order and rule-fields order. Furthermore, the mechanism becomes even more significant when firewall is heavily loaded with burst traffic. A comparison of the proposed approach and the other conventional approaches, including static rule order approach and dynamic rule order approach is presented.
Keywords :
authorisation; computer network security; telecommunication traffic; burst traffic; dynamic rule order approach; firewall efficiency; packet filtering; packet flow histograms; rule-fields order; static rule order approach; Equations; Filtering; Fires; Histograms; Optimization; Pattern matching; Security; firewall early rejection; optimization of rule-fields ordering; optimization of rules ordering; packet flow matching histogram;
Conference_Titel :
Information, Communications and Signal Processing (ICICS) 2011 8th International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4577-0029-3
DOI :
10.1109/ICICS.2011.6173600
