Title :
A survey on firewall's early packet rejection techniques
Author :
Zeidan, Safaa ; Trabelsi, Zouheir
Author_Institution :
Fac. of Inf. Technol., UAE Univ., Al Ain, United Arab Emirates
Abstract :
Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. A tremendous amount of research work on packet classification has been proposed to optimize packet filtering. However, most works use deterministic techniques and do not take the traffic characteristics into consideration. Moreover, most packet classifiers give no specific consideration to optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we limit ourselves to surveying firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements are proposed. This work can be the basis for enhancing these techniques or for proposing new approaches that provide better firewall performance.
Keywords :
authorisation; computer network security; early packet rejection technique; firewall; intrusion detection; network device; packet classification; packet filtering; prevention system; routers; Approximation algorithms; Approximation methods; Boolean functions; Data structures; Filtering; Fires; Security; Binary Decision Diagram; Binary Search on Prefix Length; Boolean Expression; Early Rejection; Hash Table; Packet Classification; Set cover; Splay Tree;
Conference_Title :
Innovations in Information Technology (IIT), 2011 International Conference on
Conference_Location :
Abu Dhabi
Print_ISBN :
978-1-4577-0311-9
DOI :
10.1109/INNOVATIONS.2011.5893818