GEOMETRIC EFFICIENT MATCHING ALGORITHM FOR FIREWALLS

The firewall is the most important concept in a network: traffic passing through the network perimeter must be filtered by it. There is thus a potential risk in this process, as each packet needs to be checked against each firewall rule to find the matching rules. The Geometric Efficient Matching Algorithm is a computational geometry algorithm that gives a practically better solution for finding the rule that exactly matches. Using firewall rule statistics, we generated a non-uniform random model of perimeter rules. We also reduced the space requirement up to 2-3 MB for 5000 rules. It also solves the problem of firewall misconfiguration for firewall packet matching.
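The following is an added example, not code from the paper: a simplified two-field sketch of the geometric idea, in which rule boundaries split each field into simple ranges that are located by binary search, shown beside the rule-by-rule scan the abstract describes. The rule base, the choice of fields (source address, destination port) and all function names are constructed for illustration.

```python
from bisect import bisect_right

# Constructed sample rule base (not from the paper): each rule is
# ((src_lo, src_hi), (port_lo, port_hi), action); first match wins.
RULES = [
    ((0x0A000000, 0x0AFFFFFF), (22, 22), "deny"),      # 10.0.0.0/8 -> ssh
    ((0x0A010000, 0x0A01FFFF), (0, 65535), "allow"),   # 10.1.0.0/16 -> any
    ((0, 0xFFFFFFFF), (80, 443), "allow"),             # any -> 80..443
    ((0, 0xFFFFFFFF), (0, 65535), "deny"),             # default deny
]
NFIELDS = 2

def linear_match(rules, pkt):
    """Baseline: test the packet against each rule in order."""
    for idx, rule in enumerate(rules):
        if all(rule[d][0] <= pkt[d] <= rule[d][1] for d in range(NFIELDS)):
            return idx
    return None

def build(rules, active=None, dim=0):
    """Split field `dim` into simple ranges on rule boundaries, recursing per range."""
    if active is None:
        active = list(range(len(rules)))
    if dim == NFIELDS:
        return min(active) if active else None   # highest-priority rule
    # Each rule contributes its start and the point just past its end.
    bounds = sorted({0} | {p for i in active
                           for p in (rules[i][dim][0], rules[i][dim][1] + 1)})
    children = []
    for b in bounds:
        # No boundary lies inside a simple range, so testing its left end suffices.
        covering = [i for i in active if rules[i][dim][0] <= b <= rules[i][dim][1]]
        children.append(build(rules, covering, dim + 1))
    return bounds, children

def gem_match(node, pkt):
    """One binary search per field instead of one comparison per rule."""
    for d in range(NFIELDS):
        bounds, children = node
        node = children[bisect_right(bounds, pkt[d]) - 1]
    return node
```

Lookup cost here depends on the number of fields and the logarithm of the number of boundaries, while the precomputed structure is what consumes the space the abstract refers to.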
