Abstract
The overall efficiency, reliability, and availability of firewalls are crucial in enforcing and administering security, especially when the network is under attack. These challenges require new designs, architectures, and algorithms to optimize firewalls. In contrast to a list-based structure, a de-centralized (hierarchical) design leads to efficient organization of rule-sets, thereby significantly increasing the performance of the firewall. The objective is to transform the original list-based rule-set into more efficient and manageable structures in order to improve the performance of firewalls. The main features of this approach are the hierarchical design, rule-set transformation approaches, online traffic adaptation mechanisms, and a strong reactive scheme to counter malicious attacks (e.g. Denial-of-Service (DoS) attacks [1]).
References
Denial of Service, http://www.cert.org/homeusers/dos.html
Lakshman, T.V., Stiliadis, D.: High-speed policy-based packet forwarding using efficient multi-dimensional range matching. In: Proceedings of SIGCOMM. ACM Press (1998)
Srinivasan, V., Suri, S., Varghese, G.: Packet classification using tuple space search. In: Proceedings of SIGCOMM. ACM Press (1999)
Linux ipchains, http://people.netfilter.org/rusty/ipchains
Hamed, H., Al-Shaer, E.: Dynamic rule-ordering optimization for high-speed firewall filtering. In: ASIACCS (2006)
A* Search Algorithm, http://en.wikipedia.org/wiki/A*_algorithm
Acharya, S., Abliz, M., Mills, B., Greenberg, A., Znati, T., Ge, Z., Wang, J.: Optwall: A hierarchical traffic-aware firewall. In: 14th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2007)
Brucker, P.: On the complexity of clustering problems. In: Optimization and Operations Research, pp. 45–54. Springer (1977, 1997)
Charikar, M., Guha, S., Tardos, Shmoys, D.B.: A constant-factor approximation algorithm for the k-median problem. In: ACM Symposium on Theory of Computing (1999)
Acharya, S., Wang, J., Ge, Z., Znati, T., Greenberg, A.: Traffic-aware firewall optimization strategies. In: IEEE International Conference on Communications, Istanbul, Turkey (June 2006)
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Acharya, S. (2013). Accelerating Firewalls: Tools, Techniques and Metrics for Optimizing Distributed Enterprise Firewalls. In: Zelinka, I., Snášel, V., Abraham, A. (eds) Handbook of Optimization. Intelligent Systems Reference Library, vol 38. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30504-7_21
DOI: https://doi.org/10.1007/978-3-642-30504-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30503-0
Online ISBN: 978-3-642-30504-7
eBook Packages: Engineering (R0)