Title :
A traffic-aware top-N firewall approximation algorithm
Author :
Lam, Ho-Yu ; Wang, Donghan ; Chao, H. Jonathan
Author_Institution :
Dept. of Electr. & Comput. Eng., Polytech. Inst. of New York Univ., Brooklyn, NY, USA
Abstract :
Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top-N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
Keywords :
approximation theory; authorisation; computer network security; pattern classification; telecommunication traffic; approximation algorithm; classification rules; network security; packet classification; top-N rules; traffic aware top-N firewall approximation algorithm; traffic pattern; Approximation algorithms; Approximation methods; Complexity theory; Heuristic algorithms; Optimization; Partitioning algorithms; Security;
Conference_Titel :
Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4577-0249-5
Electronic_ISBN :
978-1-4577-0248-8
DOI :
10.1109/INFCOMW.2011.5928779
