OPTWALL: A Hierarchical Traffic-Aware Firewall

Subrata Acharya, Mehmud Abliz, Bryan Mills, Taieb F. Znati, Jia Wang, Zihui Ge, Albert Greenberg

Research output: Contribution to conferencePaperpeer-review

22 Citations (Scopus)


The overall efficiency, reliability, and availability of a firewall is crucial in enforcing and administrating security, especially when the network is under attack. The continuous growth of the Internet, coupled with the increasing sophistication of the attacks, is placing stringent demands on firewall performance. These challenges require new designs, architecture and algorithms to optimize firewalls. In this paper, we propose OPTWALL, an adaptive hierarchical firewall optimization framework aimed at reducing operational cost of firewalls. The main features of the proposed approach are the hierarchical design, splitting techniques, an online traffic adaptation mechanism, and a strong reactive scheme to counter malicious attacks (e.g. Denial-of-Service (DoS) attacks). To the best of our knowledge, this work is the first of its kind to use traffic characteristics in the design of an adaptive hierarchical firewall optimization framework. To study the performance of OPTWALL, a set of experiments are conducted on Linux ipchains. The performance evaluation study uses a large set of firewall policies and traffic traces managed by a Tier-1 ISP and provides security access for the ISP network from/to its business partners. Results show the high potential of OPTWALL to reduce the operational cost of firewalls. In particular, the results show that a performance improvement of nearly 35% can been achieved in a heavily loaded network environment.

Original languageEnglish
Publication statusPublished - 2007
Externally publishedYes
Event14th Symposium on Network and Distributed System Security, NDSS 2007 - San Diego, United States
Duration: Feb 28 2007Mar 2 2007


Conference14th Symposium on Network and Distributed System Security, NDSS 2007
Country/TerritoryUnited States
CitySan Diego

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Control and Systems Engineering


Dive into the research topics of 'OPTWALL: A Hierarchical Traffic-Aware Firewall'. Together they form a unique fingerprint.

Cite this