Adaptive Conflict-Free Optimization of Rule Sets for Network Security Packet Filtering Devices

Author:

Baiocchi Andrea1,Maiolini Gianluca2,Mingo Annachiara3,Goretti Daniele4

Affiliation:

1. Department of Information Engineering, Electronics and Telecommunications (DIET), University of Roma “Sapienza”, Via Eudossiana 18, 00184 Rome, Italy

2. Ipanema Technologies, Via Roberto Lepetit 8/10, 20124 Milan, Italy

3. Digi International GmbH, Lise-Meitner-Straße 9, 85737 Ismaning, Germany

4. Altran Italia S.p.A., Via Tiburtina 1232, 00131 Rome, Italy

Abstract

Packet filtering and processing rules management in firewalls and security gateways has become commonplace in increasingly complex networks. On one side there is a need to maintain the logic of high level policies, which requires administrators to implement and update a large amount of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic adaptive optimization of large rule lists is useful for general purpose computers used as filtering devices, without specific designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic adaptive algorithm to find conflict-free optimized rule sets, by relying on information gathered with traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices.

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Cited by 2 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing;Proceedings of the 26th ACM Symposium on Access Control Models and Technologies;2021-06-11

2. Network Packet Breach Detection Using Cognitive Techniques;Smart Systems and IoT: Innovations in Computing;2019-10-27

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3