DocumentCode
3322738
Title
Performance Improvement over Linux Layer-7 Content Filtering
Author
Peng, Bing-Heng ; Liu, Huai-Jen ; Wei, Huan-Yun
Author_Institution
Dept. of Comput. Sci. & Inf. Eng., Chung Hua Univ., Hsinchu, Taiwan
fYear
2009
fDate
14-16 Dec. 2009
Firstpage
522
Lastpage
527
Abstract
Due to security reasons, many companies need firewalls to filter some mistrusted applications, like FTP or P2P software. However, some applications may hide themselves with some well-known application ports like HTTP port 80 such that some firewalls cannot distinguish mistrusted applications from well-known applications. As a result, firewalls require high performance classification engines that can efficiently inspect layer-7 contents to recognize mistrusted applications. This paper analyzes the layer-7 classification module in Linux Netfilter, the L7filter package, and proposes an alternative implementation to improve the performance of L7filter. The throughput of the proposed method can remain high even in heavily-loaded network environments. The performance of the proposed method is justified by the Spirent SmartBits 6000 testing equipment whose traffic generation speed can achieve gigabit wire-speed.
Keywords
Internet; Linux; authorisation; computer network security; HTTP port 80; Internet; Linux Netfilter; Linux layer-7 content filtering; Spirent SmartBits 6000 testing equipment; firewalls; gigabit wire-speed; security; Application software; Engines; Filtering; Filters; Linux; Packaging machines; Performance analysis; Security; Testing; Throughput; L7filter; Netfilter; content filter; firewall;
fLanguage
English
Publisher
ieee
Conference_Titel
Mobile Ad-hoc and Sensor Networks, 2009. MSN '09. 5th International Conference on
Conference_Location
Fujian
Print_ISBN
978-1-4244-5468-6
Type
conf
DOI
10.1109/MSN.2009.56
Filename
5401489