Towards safe and optimal filtering rule reordering for complex packet filters

Author

Ben Neji, Nizar ; Bouhoula, Adel

Author_Institution

Higher Sch. of Commun. of Tunis (SupCom), Univ. of Carthage, Tunis, Tunisia

fYear

2011

fDate

6-8 Sept. 2011

Firstpage

153

Lastpage

160

Abstract

The growth of the Internet coupled with the complexity of the security needs increases the demands on filtering performance, so much so that it is crucial to maintain high classification throughput in a high speed environment. As a result, today´s security devices require innovative designs and algorithms to optimize the efficiency of packet filtering systems. In this paper, we propose a safe and an optimal reordering method aimed at reducing the operational cost of network packet filters. In addition, an evaluation performance study is also given using a set of special matrices: Dependency Matrix, Reordering Matrix and Grouping Matrix. Besides, each matrix has an associated factor in [0,1] and the new defined factors are introduced to measure the efficiency of the proposed technique and to show its high potential to make optimization easy, optimal and safe.

Keywords

Internet; computational complexity; computer network security; matrix algebra; optimisation; Internet; associated factor; classification throughput; complex packet filters; dependency matrix; evaluation performance study; filtering rule reordering; grouping matrix; optimal reordering method; optimization; reordering matrix; security complexity; Context; Fires; Optimization; Protocols; Security; Semantics; Sorting; Packet filtering; optimization; reordering; security policy;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and System Security (NSS), 2011 5th International Conference on

Conference_Location

Milan

Print_ISBN

978-1-4577-0458-1

Type

conf

DOI

10.1109/ICNSS.2011.6059995

Filename

6059995