Title :
Towards safe and optimal filtering rule reordering for complex packet filters
Author :
Ben Neji, Nizar ; Bouhoula, Adel
Author_Institution :
Higher Sch. of Commun. of Tunis (SupCom), Univ. of Carthage, Tunis, Tunisia
Abstract :
The growth of the Internet coupled with the complexity of the security needs increases the demands on filtering performance, so much so that it is crucial to maintain high classification throughput in a high speed environment. As a result, today´s security devices require innovative designs and algorithms to optimize the efficiency of packet filtering systems. In this paper, we propose a safe and an optimal reordering method aimed at reducing the operational cost of network packet filters. In addition, an evaluation performance study is also given using a set of special matrices: Dependency Matrix, Reordering Matrix and Grouping Matrix. Besides, each matrix has an associated factor in [0,1] and the new defined factors are introduced to measure the efficiency of the proposed technique and to show its high potential to make optimization easy, optimal and safe.
Keywords :
Internet; computational complexity; computer network security; matrix algebra; optimisation; Internet; associated factor; classification throughput; complex packet filters; dependency matrix; evaluation performance study; filtering rule reordering; grouping matrix; optimal reordering method; optimization; reordering matrix; security complexity; Context; Fires; Optimization; Protocols; Security; Semantics; Sorting; Packet filtering; optimization; reordering; security policy;
Conference_Titel :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6059995
