• DocumentCode
    533427
  • Title

    A traffic-aware top-N firewall ruleset approximation algorithm

  • Author

    Lam, Ho-Yu ; Wang, Donghan Jarod ; Chao, H. Jonathan

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Polytech. Inst. of New York Univ., Brooklyn, NY, USA
  • fYear
    2010
  • fDate
    25-26 Oct. 2010
  • Firstpage
    1
  • Lastpage
    2
  • Abstract
    Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this poster, we investigate an approximation algorithm for selecting the top-N most frequently matched subset of rules from the original ruleset. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
  • Keywords
    approximation theory; computer network security; classification rules; network security; packet classification; traffic-aware top-N firewall ruleset approximation algorithm; Approximation algorithms; Approximation methods; Fires; Heuristic algorithms; Optimization; Security; USA Councils; Algorithms; Design; Packet Classification; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Architectures for Networking and Communications Systems (ANCS), 2010 ACM/IEEE Symposium on
  • Conference_Location
    La Jolla, CA
  • Print_ISBN
    978-1-4244-9127-8
  • Electronic_ISBN
    978-1-4503-0379-8
  • Type

    conf

  • Filename
    5623844
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=533427