论文信息 - An Advanced Firewall Rule Matching Algorithm

An Advanced Firewall Rule Matching Algorithm

The importance of internal network security has been on the rise due to the demand of businesses in organizations that deal complicated device connections in SCADA networks. Ideally, the firewall rule searching speed must be as effective as O(1) time complexity, to filter all network traffic regardless of the number of fields filtered and the number of firewall rules. This paper proposes an advanced firewall rules matching algorithm with designed hash table function. The proposed firewall rule matching algorithm based on our designed hash table function is able to achieve far better speed than other search algorithms. Additionally, our hash table-based algorithm shows a constant execution time regardless the number of firewall rules.

[1] Xia-an Bi,et al. Hierarchical trie packet classification algorithm based on expectation-maximization clustering , 2017, PloS one.

[2] George Varghese,et al. Packet classification using multidimensional cutting , 2003, SIGCOMM '03.

[3] Jun Li,et al. HSM: a fast packet classification algorithm , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[4] George Varghese,et al. Scalable packet classification , 2001, SIGCOMM 2001.

[5] Nick McKeown,et al. Packet classification on multiple fields , 1999, SIGCOMM '99.

[6] Michael McMillan. Data Structures and Algorithms Using C#: Binary Trees and Binary Search Trees , 2007 .

[7] Jayme Luiz Szwarcfiter,et al. SOME ILLUSTRATIVE EXAMPLES ON THE USE OF HASH TABLES , 2015 .

[8] Phaltane Anjali.D. GEOMETRIC EFFICIENT MATCHING ALGORITHM FOR FIREWALLS , 2014 .

[9] S. G. Shikalpure,et al. Hashing Based Packet Matching Algorithm for Firewall , 2015 .

[10] Subhash Suri,et al. Space Decomposition Techniques for Fast Layer-4 Switching , 1999, Protocols for High-Speed Networks.

[11] Venkatachary Srinivasan,et al. Packet classification using tuple space search , 1999, SIGCOMM '99.