TY - GEN
T1 - Packet flow histograms to improve firewall efficiency
AU - Trabelsi, Zouheir
AU - Zhang, Liren
AU - Zeidan, Safaa
PY - 2011
Y1 - 2011
N2 - This paper presents a novel mechanism based on the histograms of packet filtering, which are able to effectively monitor firewall performance in real-time and to predict the patterns of packet filtering in terms of rules order and rule-fields order. Furthermore, the mechanism becomes even more significant when firewall is heavily loaded with burst traffic. A comparison of the proposed approach and the other conventional approaches, including static rule order approach and dynamic rule order approach is presented.
AB - This paper presents a novel mechanism based on the histograms of packet filtering, which are able to effectively monitor firewall performance in real-time and to predict the patterns of packet filtering in terms of rules order and rule-fields order. Furthermore, the mechanism becomes even more significant when firewall is heavily loaded with burst traffic. A comparison of the proposed approach and the other conventional approaches, including static rule order approach and dynamic rule order approach is presented.
KW - firewall early rejection
KW - optimization of rule-fields ordering
KW - optimization of rules ordering
KW - packet flow matching histogram
UR - http://www.scopus.com/inward/record.url?scp=84860636074&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84860636074&partnerID=8YFLogxK
U2 - 10.1109/ICICS.2011.6173600
DO - 10.1109/ICICS.2011.6173600
M3 - Conference contribution
AN - SCOPUS:84860636074
SN - 9781457700309
T3 - ICICS 2011 - 8th International Conference on Information, Communications and Signal Processing
BT - ICICS 2011 - 8th International Conference on Information, Communications and Signal Processing
T2 - 8th International Conference on Information, Communications and Signal Processing, ICICS 2011
Y2 - 13 December 2011 through 16 December 2011
ER -