Accelerating Firewalls: Tools, Techniques and Metrics for Optimizing Distributed Enterprise Firewalls

  • Subrata Acharya
Chapter
Part of the Intelligent Systems Reference Library book series (ISRL, volume 38)

Abstract

The overall efficiency, reliability, and availability of firewalls are crucial in enforcing and administering security, especially when the network is under attack. These challenges require new designs, architecture and algorithms to optimize firewalls. Contrary to a list-based structure, a de-centralized (hierarchical) design leads to efficient organization of rule-sets, thereby significantly increasing the performance of the firewall. The objective is to transform the original list-based rule-set into more efficient and manageable structures, in order to improve the performance of firewalls. The main features of this approach are the hierarchical design, rule-set transformation approaches, online traffic adaptation mechanisms, and a strong reactive scheme to counter malicious attacks (e.g. Denial-of-Service (DoS) attacks [1]).

Keywords

Security Policy Greedy Heuristic Traffic Characteristic Splitting Process Packet Processing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Lakshman, T.V., Stidialis, D.: High-speed policy-based packet forwarding using efficient multi-dimensional range matching. In: Proceedings of SIGCOMM. ACM Press (1998)Google Scholar
  3. 3.
    Srinivasan, V., Suri, S., Varghese, G.: Packet classification using tuple space search. In: Proceedings of SIGCOMM. ACM Press (1999)Google Scholar
  4. 4.
  5. 5.
    Hamed, H., Al-Shaer, E.: Dynamic rule-ordering optimization for high-speed firewall filtering. In: ASIACCS (2006)Google Scholar
  6. 6.
    A* Search Algorithm, http://en.wikipedia.org/wiki/A*_algorithmGoogle Scholar
  7. 7.
    Acharya, S., Abliz, M., Mills, B., Greenberg, A., Znati, T., Ge, Z., Wang, J.: Optwall: A hierarchical traffic-aware firewall. In: 14th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2007)Google Scholar
  8. 8.
    Brucker, P.: On the complexity of clustering problems. In: Optimization and Operations Research, pp. 45–54. Springer (1977, 1997)Google Scholar
  9. 9.
    Charikar, M., Guha, S., Tardos, Shmoys, D.B.: A constant-factor approximation algorithm for the k-median problem. In: ACM Symposium on Theory of Computing (1999)Google Scholar
  10. 10.
    Acharya, S., Wang, J., Ge, Z., Znati, T., Greenberg, A.: Traffic-aware firewall optimization strategies. In: IEEE International Conference on Communications, Istanbul, Turkey (June 2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Subrata Acharya
    • 1
  1. 1.Towson UniversityTowsonUSA

Personalised recommendations