Summary: Dynamic Rule-ordering Optimization for High-speed
Firewall Filtering
Hazem Hamed and Ehab Al-Shaer
School of Computer Science, Telecommunications and Information Systems
DePaul University
Chicago, Illinois, USA
{hhamed, ehab}@cs.depaul.edu
ABSTRACT
Packet filtering plays a critical role in many of the current
high speed network technologies such as firewalls and IPSec
devices. The optimization of firewall policies is critically
important to provide high performance packet filtering
particularly for high speed network security. Current packet
filtering techniques exploit the characteristics of the filtering
policies, but they do not consider the traffic behavior in
optimizing their search data structures. This results in
impractically high space complexity, which undermines the
performance gain offered by these techniques. Also, these
techniques offer upper bounds for the worst case search times;
nevertheless, average case scenarios are not necessarily op-