Title :
Firewall Rules Sorting Based on Markov Model
Author :
Wang, WeiPing ; Ji, Rong ; Chen, Wenhui ; Chen, Bo ; Li, Zhepeng
Author_Institution :
Univ. of Sci. & Technol. of China, Hefei
Abstract :
Firewall techniques are a major measure for solving network security problems in enterprises. However, firewall efficiency is compromised by the large number of tuple comparisons. In this research, we established a Markov model for package matching statistics and prediction, based on an investigation of the status of rule matching in the rule table. An optimization method that sorts the ranking of the rules is then proposed, and a theoretical demonstration is provided as well. The experiment proved that this method (1) reduces the total operations of package matching; (2) improves the speed and effectiveness of firewall filtering; and (3) adapts to large rule sets. The result could also be applied to some package classification systems.
Keywords :
Markov processes; authorisation; computer networks; optimisation; pattern classification; pattern matching; sorting; statistical analysis; telecommunication security; Markov model; firewall rules sorting; network security; optimization; package classification system; package matching statistics; Access control; Data privacy; Data security; Filtering; Information security; Intelligent networks; Matched filters; Packaging; Sorting; TCPIP;
Conference_Title :
Data, Privacy, and E-Commerce, 2007. ISDPE 2007. The First International Symposium on
Conference_Location :
Chengdu
Print_ISBN :
978-0-7695-3016-1
DOI :
10.1109/ISDPE.2007.40