DocumentCode
2537089
Title
A Heuristic Approach for Firewall Policy Optimization
Author
El-Alfy, El-Sayed M.
Author_Institution
Coll. of Comput. Sci. & Eng., King Fahd Univ. of Pet. & Miner., Dhahran
Volume
3
fYear
2007
fDate
12-14 Feb. 2007
Firstpage
1782
Lastpage
1787
Abstract
A primary goal of this paper is to develop a heuristic approach based on genetic algorithms to enhance the firewall performance. Typical firewall policies may have thousands of rules and determining an optimal rule order that minimizes the average number of rule comparisons while maintaining the policy integrity is proven to be NP-hard. This problem is formulated as a binary integer program for which an optimal solution is obtained using the branch-and-bound technique. Then an alternative solution approach is devised based on genetic algorithms. Several experiments are conducted to evaluate the effectiveness of the proposed approach as compared to other rule-ordering techniques. Empirical results show the potential and flexibility of the proposed approach.
Keywords
authorisation; computational complexity; genetic algorithms; integer programming; tree searching; NP-hard problems; binary integer program; branch-and-bound technique; firewall policy optimization; genetic algorithms; heuristic approach; optimal rule order; policy integrity; rule-ordering techniques; Educational institutions; Genetic algorithms; Genetic engineering; IP networks; Information filtering; Information filters; Minerals; Protection; Security; Sorting; Network security; access control; firewalls; genetic algorithms;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Communication Technology, The 9th International Conference on
Conference_Location
Gangwon-Do
ISSN
1738-9445
Print_ISBN
978-89-5519-131-8
Type
conf
DOI
10.1109/ICACT.2007.358716
Filename
4195518