• DocumentCode
    1881021
  • Title

    A traffic-aware top-N firewall approximation algorithm

  • Author

    Lam, Ho-Yu ; Wang, Donghan ; Chao, H. Jonathan

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Polytech. Inst. of New York Univ., Brooklyn, NY, USA
  • fYear
    2011
  • fDate
    10-15 April 2011
  • Firstpage
    1036
  • Lastpage
    1041
  • Abstract
    Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top-N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
  • Keywords
    approximation theory; authorisation; computer network security; pattern classification; telecommunication traffic; approximation algorithm; classification rules; network security; packet classification; top-N rules; traffic aware top-N firewall approximation algorithm; traffic pattern; Approximation algorithms; Approximation methods; Complexity theory; Heuristic algorithms; Optimization; Partitioning algorithms; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4577-0249-5
  • Electronic_ISBN
    978-1-4577-0248-8
  • Type

    conf

  • DOI
    10.1109/INFCOMW.2011.5928779
  • Filename
    5928779
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1881021