Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Year of publication: 2015
Volume: 15
Issue: 10
Pages: 22-29
Publisher: International Journal of Computer Science and Network Security
Abstract: The main task of a firewall is to protect the internal network against attacks from outside, and it must also protect itself against attacks aimed directly at it, one of which is the DoS attack against the default firewall rule. Several techniques have been proposed to resist this type of attack; they aim to reject a packet (one that will be rejected by the default rule) as early as possible, to reduce the resource cost and time spent rejecting that packet. Early packet rejection is done by constructing an early packet filter based on the original packet filter or on properties of the data flows through the firewall, and packets are rejected using this early packet filter. In early packet rejection, an incoming packet is examined on all the fields in the packet header, and the checking time is proportional to the number of checked fields. This paper proposes using the XOR operator to combine two or more fields together, along with balanced-tree construction, to reduce the average processing time per incoming packet in early packet rejection. The effectiveness of the proposed technique is demonstrated by experiment in comparison with other techniques.
Keywords: firewall; packet classification; early packet rejection; security policies in firewall.