DocumentCode :
3322738
Title :
Performance Improvement over Linux Layer-7 Content Filtering
Author :
Peng, Bing-Heng ; Liu, Huai-Jen ; Wei, Huan-Yun
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Chung Hua Univ., Hsinchu, Taiwan
fYear :
2009
fDate :
14-16 Dec. 2009
Firstpage :
522
Lastpage :
527
Abstract :
Due to security reasons, many companies need firewalls to filter some mistrusted applications, like FTP or P2P software. However, some applications may hide themselves with some well-known application ports like HTTP port 80 such that some firewalls cannot distinguish mistrusted applications from well-known applications. As a result, firewalls require high performance classification engines that can efficiently inspect layer-7 contents to recognize mistrusted applications. This paper analyzes the layer-7 classification module in Linux Netfilter, the L7filter package, and proposes an alternative implementation to improve the performance of L7filter. The throughput of the proposed method can remain high even in heavily-loaded network environments. The performance of the proposed method is justified by the Spirent SmartBits 6000 testing equipment whose traffic generation speed can achieve gigabit wire-speed.
Keywords :
Internet; Linux; authorisation; computer network security; HTTP port 80; Internet; Linux Netfilter; Linux layer-7 content filtering; Spirent SmartBits 6000 testing equipment; firewalls; gigabit wire-speed; security; Application software; Engines; Filtering; Filters; Linux; Packaging machines; Performance analysis; Security; Testing; Throughput; L7filter; Netfilter; content filter; firewall;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Mobile Ad-hoc and Sensor Networks, 2009. MSN '09. 5th International Conference on
Conference_Location :
Fujian
Print_ISBN :
978-1-4244-5468-6
Type :
conf
DOI :
10.1109/MSN.2009.56
Filename :
5401489
Link To Document :