A survey on firewall's early packet rejection techniques

Safaa Zeidan; Zouheir Trabelsi

doi:10.1109/INNOVATIONS.2011.5893818

A survey on firewall's early packet rejection techniques

Safaa Zeidan, Zouheir Trabelsi

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.

Original language	English
Title of host publication	2011 International Conference on Innovations in Information Technology, IIT 2011
Pages	203-208
Number of pages	6
DOIs	https://doi.org/10.1109/INNOVATIONS.2011.5893818
Publication status	Published - 2011
Event	2011 International Conference on Innovations in Information Technology, IIT 2011 - Abu Dhabi, United Arab Emirates Duration: Apr 25 2011 → Apr 27 2011

Publication series

Name	2011 International Conference on Innovations in Information Technology, IIT 2011

Other

Other	2011 International Conference on Innovations in Information Technology, IIT 2011
Country/Territory	United Arab Emirates
City	Abu Dhabi
Period	4/25/11 → 4/27/11

Keywords

Binary Decision Diagram
Binary Search on Prefix Length
Boolean Expression
Early Rejection
Hash Table
Packet Classification
Set cover
Splay Tree

ASJC Scopus subject areas

Computer Science Applications
Information Systems

Access to Document

10.1109/INNOVATIONS.2011.5893818

Cite this

A survey on firewall's early packet rejection techniques. / Zeidan, Safaa; Trabelsi, Zouheir.

2011 International Conference on Innovations in Information Technology, IIT 2011. 2011. p. 203-208 5893818 (2011 International Conference on Innovations in Information Technology, IIT 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zeidan, S & Trabelsi, Z 2011, A survey on firewall's early packet rejection techniques. in 2011 International Conference on Innovations in Information Technology, IIT 2011., 5893818, 2011 International Conference on Innovations in Information Technology, IIT 2011, pp. 203-208, 2011 International Conference on Innovations in Information Technology, IIT 2011, Abu Dhabi, United Arab Emirates, 4/25/11. https://doi.org/10.1109/INNOVATIONS.2011.5893818

@inproceedings{982edea0b5d646eda5b38dd2679e0e9f,

title = "A survey on firewall's early packet rejection techniques",

abstract = "Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.",

keywords = "Binary Decision Diagram, Binary Search on Prefix Length, Boolean Expression, Early Rejection, Hash Table, Packet Classification, Set cover, Splay Tree",

author = "Safaa Zeidan and Zouheir Trabelsi",

year = "2011",

doi = "10.1109/INNOVATIONS.2011.5893818",

language = "English",

isbn = "9781457703140",

series = "2011 International Conference on Innovations in Information Technology, IIT 2011",

pages = "203--208",

booktitle = "2011 International Conference on Innovations in Information Technology, IIT 2011",

note = "2011 International Conference on Innovations in Information Technology, IIT 2011 ; Conference date: 25-04-2011 Through 27-04-2011",

}

TY - GEN

T1 - A survey on firewall's early packet rejection techniques

AU - Zeidan, Safaa

AU - Trabelsi, Zouheir

PY - 2011

Y1 - 2011

N2 - Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.

AB - Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.

KW - Binary Decision Diagram

KW - Binary Search on Prefix Length

KW - Boolean Expression

KW - Early Rejection

KW - Hash Table

KW - Packet Classification

KW - Set cover

KW - Splay Tree

UR - http://www.scopus.com/inward/record.url?scp=79960018102&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960018102&partnerID=8YFLogxK

U2 - 10.1109/INNOVATIONS.2011.5893818

DO - 10.1109/INNOVATIONS.2011.5893818

M3 - Conference contribution

AN - SCOPUS:79960018102

SN - 9781457703140

T3 - 2011 International Conference on Innovations in Information Technology, IIT 2011

SP - 203

EP - 208

BT - 2011 International Conference on Innovations in Information Technology, IIT 2011

T2 - 2011 International Conference on Innovations in Information Technology, IIT 2011

Y2 - 25 April 2011 through 27 April 2011

ER -

A survey on firewall's early packet rejection techniques

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this