| | |
Summary: 1
On Dynamic Optimization of Packet Matching in
High Speed Firewalls
Hazem Hamed, Adel ElAtawy, Ehab AlShaer
School of Computer Science, DePaul University, Chicago, USA
Abstract--- Packet matching plays a critical role in the per
formance of many network devices and a tremendous amount
of research has already been invested to come up with better
optimized packet filters. However, most of the related works
use deterministic techniques and do not exploit the traffic
characteristics in their optimization schemes. In addition, most
packet classifiers give no specific consideration for optimizing
packet rejection, which is important for many filtering devices
like firewalls.
Our contribution in this paper is twofold. First, we present
a novel algorithm for maximizing early rejection of unwanted
flows with minimal impact on other flows. Second, we present
a new packet filtering dynamic optimization technique that
uses statistical search trees to utilize traffic characteristics and
minimize the average packet matching time. The proposed
|
