DocumentCode
624110
Title
Towards a new design of firewall: Anomaly elimination and fast verifying of firewall rules
Author
Khummanee, Suchart ; Khumseela, Atipong ; Puangpronpitag, Somnuk
Author_Institution
Fac. of Inf., Mahasarkham Univ., Maha Sarakham, Thailand
fYear
2013
fDate
29-31 May 2013
Firstpage
93
Lastpage
98
Abstract
Network security is usually enforced by a firewall, which checks incoming and outgoing packets against a set of defined policies or rules. The overall performance of the firewall therefore depends largely on how its rules are managed; for example, performance degrades when the rule set contains anomalies. Anomalies arise when two firewall rules overlap while their decision parts differ, one accepting and the other denying the same traffic. In this paper, we propose a new paradigm for firewall design consisting of two parts: (1) the Single Domain Decision firewall (SDD), a new firewall rule management policy that is guaranteed to be conflict-free, and (2) the Binary Tree Firewall (BTF), a data structure and algorithm for checking firewall rules quickly. Experimental results indicate that the new design eliminates conflicting anomalies and reduces the cost of a firewall rule check from O(N²) to O(log₂ N).
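The abstract describes two things: a conflicting anomaly (two rules whose match spaces overlap but whose decisions disagree), and the jump from a pairwise O(N²) check to an O(log₂ N) lookup once the rule set is conflict-free. The following script is an added illustration of both ideas; it is not the paper's SDD or BTF code, whose exact design is not on this page. The rule fields (protocol, source and destination CIDR, inclusive destination-port range, action), the sample rule sets, and the decision to index on destination port alone are all constructed here for the example.

```python
"""Firewall rule anomaly detection and single-domain lookup (added illustration).

Not the paper's SDD/BTF implementation: this only demonstrates the two ideas
the abstract states, using rule fields and sample rules constructed here.
"""
from bisect import bisect_right
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                 # "tcp", "udp" or "any"
    src: str                   # CIDR, e.g. "10.0.0.0/8"
    dst: str                   # CIDR
    dport: Tuple[int, int]     # inclusive destination-port range
    action: str                # "accept" or "deny"


def _ports_overlap(a: Tuple[int, int], b: Tuple[int, int]) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def rules_overlap(r1: Rule, r2: Rule) -> bool:
    """True if some packet could match both rules (every field intersects)."""
    proto_ok = "any" in (r1.proto, r2.proto) or r1.proto == r2.proto
    return (proto_ok
            and ip_network(r1.src).overlaps(ip_network(r2.src))
            and ip_network(r1.dst).overlaps(ip_network(r2.dst))
            and _ports_overlap(r1.dport, r2.dport))


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """O(N^2) pairwise scan: overlapping match space with different decisions."""
    return [(a.name, b.name) for a, b in combinations(rules, 2)
            if rules_overlap(a, b) and a.action != b.action]


def build_port_index(rules: List[Rule]):
    """Sorted index over destination port; requires pairwise-disjoint port ranges.

    This is the precondition a conflict-free (single-domain) rule set gives us:
    with no overlaps there is exactly one candidate rule per port, so lookup
    can be a binary search instead of a scan.
    """
    ordered = sorted(rules, key=lambda r: r.dport[0])
    for a, b in zip(ordered, ordered[1:]):
        if a.dport[1] >= b.dport[0]:
            raise ValueError(f"overlap between {a.name} and {b.name}; resolve before indexing")
    return [r.dport[0] for r in ordered], ordered


def lookup_port(index, port: int, default: str = "deny") -> str:
    """O(log N) decision for a port via bisect; default-deny if no rule matches."""
    starts, ordered = index
    i = bisect_right(starts, port) - 1
    if i >= 0 and ordered[i].dport[0] <= port <= ordered[i].dport[1]:
        return ordered[i].action
    return default


# Constructed sample rule set with one deliberate conflict (r1 vs r2).
RULES = [
    Rule("r1", "tcp", "10.0.0.0/8",   "192.168.1.10/32", (80, 80),   "accept"),
    Rule("r2", "tcp", "10.0.1.0/24",  "192.168.1.0/24",  (80, 443),  "deny"),
    Rule("r3", "udp", "0.0.0.0/0",    "192.168.1.53/32", (53, 53),   "accept"),
    Rule("r4", "tcp", "10.0.0.0/8",   "192.168.1.10/32", (22, 22),   "deny"),
]

# Constructed single-domain set: port ranges are disjoint, so it is indexable.
PORT_RULES = [
    Rule("p1", "tcp", "0.0.0.0/0", "0.0.0.0/0", (22, 22),      "deny"),
    Rule("p2", "tcp", "0.0.0.0/0", "0.0.0.0/0", (80, 80),      "accept"),
    Rule("p3", "tcp", "0.0.0.0/0", "0.0.0.0/0", (443, 443),    "accept"),
    Rule("p4", "tcp", "0.0.0.0/0", "0.0.0.0/0", (1024, 65535), "deny"),
]

if __name__ == "__main__":
    print("conflicts:", find_conflicts(RULES))
    idx = build_port_index(PORT_RULES)
    for p in (22, 80, 443, 8080, 25):
        print(p, "->", lookup_port(idx, p))
```

The pairwise scan is the expensive step: it must compare every pair, and that is what the anomaly-free design is meant to make unnecessary. Note that `build_port_index` refuses an overlapping set rather than silently picking a winner; a conflict-free rule set is the precondition for the fast lookup, not a side effect of it.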
Keywords
data structures; firewalls; trees (mathematics); BTF; SDD; anomaly elimination; binary tree firewall; data structure; decision parts; firewall design; firewall rule anomaly; firewall rule checking; firewall rule management policy; firewall rules; network security; single domain decision firewall; Binary trees; Companies; IP networks; Ports (Computers); Protocols; Time complexity; Anomaly; Binary Tree Firewall rule (BTF); Firewall rule optimization; Single Domain Decision firewall (SDD);
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Science and Software Engineering (JCSSE), 2013 10th International Joint Conference on
Conference_Location
Maha Sarakham
Print_ISBN
978-1-4799-0805-9
Type
conf
DOI
10.1109/JCSSE.2013.6567326
Filename
6567326