Firewall performance optimization using data mining techniques

This paper presents a novel approach to improve firewall performance using data mining techniques. A traditional packet filtering firewall compares a packet against each filtering rule until a match is found. The filtering rules are stored as a rule list. Therefore, the time required to process a packet depends linearly on the number of filtering rules. This time can be prohibitively large for a firewall containing hundreds of rules and the firewall can be a bottleneck for the network if high bandwidth is required. To enhance the firewall performance, we propose a data mining solution. In this approach, instead of comparing the packet with each of the filtering rules, the firewall predicts which rule is most likely going to match the packet. This significantly reduces the processing time taken by the firewall to filter each packet and thus improves its performance. Comparisons were made between the cumulative processing time taken by a standard firewall and the enhanced firewall with data mining to process millions of packets. Compared to the standard firewall, the enhanced firewall took 40% less time in processing the packets.