The management of packet filtering and processing rules in firewalls and security gateways has become commonplace in increasingly complex networks. On one side, there is a need to maintain the logic of high-level policies, which requires administrators to implement and update a large number of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic-adaptive optimization of large rule lists is useful for general-purpose computers used as filtering devices, without specifically designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic-adaptive algorithm to find conflict-free optimized rule sets by relying on information gathered from traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices.