A survey on firewall's early packet rejection techniques

A survey on firewall's early packet rejection techniques

Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic t...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zeidan, S., Trabelsi, Z.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Approximation algorithms
Approximation methods
Binary Decision Diagram
Binary Search on Prefix Length
Boolean Expression
Boolean functions
Data structures
Early Rejection
Filtering
Fires
Hash Table
Packet Classification
Security
Set cover
Splay Tree
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Packet filtering plays a critical role in the performance of many network devices such as firewalls, routers and intrusion detection and prevention systems. Tremendous amount of research works on packet classification was proposed to optimize packet filtering. However, most works use deterministic techniques and do not take into consideration the traffic characteristics. Moreover, most packet classifiers give no specific consideration for optimizing early packet rejection (compared with packet acceptance), which is very important for improving firewall performance. In this paper, we are limited to survey firewall early packet rejection techniques. The strengths and limitations of the techniques are discussed. Also, some improvements have been proposed. This work can be the basis to enhance these techniques or for proposing new approaches that provide better firewall performance.
DOI:10.1109/INNOVATIONS.2011.5893818