A survey on firewall's early packet rejection techniques

Safaa Zeidan, Zouheir Trabelsi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.

Original languageEnglish
Title of host publication2011 International Conference on Innovations in Information Technology, IIT 2011
Pages203-208
Number of pages6
DOIs
Publication statusPublished - 2011
Event2011 International Conference on Innovations in Information Technology, IIT 2011 - Abu Dhabi, United Arab Emirates
Duration: Apr 25 2011Apr 27 2011

Publication series

Name2011 International Conference on Innovations in Information Technology, IIT 2011

Other

Other2011 International Conference on Innovations in Information Technology, IIT 2011
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period4/25/114/27/11

Keywords

  • Binary Decision Diagram
  • Binary Search on Prefix Length
  • Boolean Expression
  • Early Rejection
  • Hash Table
  • Packet Classification
  • Set cover
  • Splay Tree

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems

Fingerprint

Dive into the research topics of 'A survey on firewall's early packet rejection techniques'. Together they form a unique fingerprint.

Cite this