Journal: International Journal of Computer Networks (IJCN)
Electronic ISSN: 1985-4129
Publication year: 2014
Volume: 6
Issue: 6
Pages: 118-132
Publisher: Computer Science Journals
Abstract: Firewalls play an extremely important role in today's networks. They are present universally in almost every corporate network across the globe and serve to protect such networks from unauthorized access. The firewall is most commonly implemented as a packet filter. The packet filter works by comparing incoming packets against a set of predefined rules called an access control list (ACL). It is vital to improve the performance of packet filtering firewalls as much as possible. Most of the research work in this area, barring a few, has not focused on utilizing traffic characteristics to improve the performance of packet filters. In this paper, we propose a simple algorithm that exploits traffic behavior by utilizing incoming traffic statistics to dynamically modify rule ordering in access control lists. Hence, repeated packets or multiple packets from the same source require fewer comparisons before a rule is matched. When testing was performed for the proposed work using both a simulated firewall and simulated traffic, the performance of the firewall showed considerable improvement.
Keywords: Firewall; Packet Filter; Access Control List; Rule Ordering; Traffic Characteristics.