Adaptive Statistical Optimization Techniques for
Firewall Packet Filtering
Adel El-Atawy, Hazem Hamed, Ehab Al-Shaer
School of Computer Science, DePaul University, Chicago, USA
Abstract-- Packet filtering plays a critical role in the
performance of many network devices such as firewalls,
IPSec gateways, DiffServ and QoS routers. A tremendous
amount of research was proposed to optimize packet filters.
However, most of the related works use deterministic
techniques and do not exploit the traffic characteristics
in their optimization schemes. In addition, most packet
classifiers give no specific consideration for optimizing
packet rejection, which is important for many filtering
devices like firewalls.
Our contribution in this paper is twofold. First, we
present a novel algorithm for maximizing early rejection of
unwanted flows without impacting other flows significantly.
Second, we present a new packet filtering optimization
technique that uses adaptive statistical search trees to