Genetic Algorithm Optimized Packet Filtering

In this paper, we present a method to optimize packet filtering using a genetic algorithm. In our work, packet filtering consists of packet capture and firewall rule reordering. The genetic algorithm automates rule reordering and the discovery of the optimal combination of packet capture configuration, within the framework of the PF_RING platform, and rule ordering. Our method has been tested under network traffic loads of different sizes. The genetic algorithm evolves the configuration based on the recorded throughput rates; the higher the throughput, the better the solution. The results obtained indicate the effectiveness of the approach.
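The rule-reordering half of the approach can be sketched as follows. This is an added example, not the authors' code: it covers rule ordering only, not the PF_RING capture configuration. The rule set, hit shares, precedence pairs and GA parameters are all constructed, and the expected number of rule comparisons per packet stands in for the measured throughput the paper uses as fitness.

```python
import random

# Constructed sample policy: (rule name, assumed share of traffic it matches).
RULES = [
    ("deny-telnet", 0.02), ("allow-ssh-admin", 0.03), ("deny-ssh", 0.05),
    ("allow-dns", 0.20), ("allow-http", 0.45), ("allow-smtp", 0.10), ("deny-all", 0.15),
]
# Assumed precedence pairs (a must stay before b) so reordering keeps the policy's meaning.
MUST_PRECEDE = [(1, 2)] + [(i, 6) for i in range(6)]

def is_valid(order):
    pos = {rule: i for i, rule in enumerate(order)}
    return all(pos[a] < pos[b] for a, b in MUST_PRECEDE)

def cost(order):
    # Expected comparisons per packet under first-match evaluation (lower is better).
    if not is_valid(order):
        return float("inf")  # an ordering that changes the policy is never selected
    return sum(RULES[rule][1] * (i + 1) for i, rule in enumerate(order))

def crossover(p1, p2, rng):
    # Order crossover: keep a slice of p1, fill the rest in p2's relative order.
    i, j = sorted(rng.sample(range(len(p1)), 2))
    middle = p1[i:j + 1]
    rest = [rule for rule in p2 if rule not in middle]
    return rest[:i] + middle + rest[i:]

def mutate(order, rng):
    child = order[:]
    i, j = rng.sample(range(len(child)), 2)
    child[i], child[j] = child[j], child[i]
    return child

def evolve(generations=60, pop_size=30, seed=1):
    rng = random.Random(seed)
    base = list(range(len(RULES)))
    # Seed with the deployed order so the result is never worse than today's policy.
    pop = [base] + [rng.sample(base, len(base)) for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=cost)
        elite = pop[:pop_size // 3]  # elitism: best orderings survive unchanged
        children = []
        while len(elite) + len(children) < pop_size:
            child = crossover(*rng.sample(elite, 2), rng)
            if rng.random() < 0.3:
                child = mutate(child, rng)
            children.append(child)
        pop = elite + children
    return min(pop, key=cost)
```

In a deployment the `cost` function would be replaced by a throughput measurement of the candidate configuration, as the abstract describes, while the validity check stays in place to reject orderings that alter the filtering decision.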
