Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/TNSM.2009.041104
- Scopus: eid_2-s2.0-67449085828
Article: A general framework for benchmarking firewall optimization techniques
Title | A general framework for benchmarking firewall optimization techniques |
---|---|
Authors | Misherghi, Ghassan; Yuan, Lihua; Su, Zhendong; Chuah, Chen Nee; Chen, Hao |
Keywords | ACL optimization; ACL partitioning; Data mining; Fires; Firewall management; Firewall optimization; Inspection; Internet; Optimization; Partitioning algorithms; Servers |
Issue Date | 2008 |
Citation | IEEE Transactions on Network and Service Management, 2008, v. 5, n. 4, p. 227-238 |
Abstract | Firewalls are among the most pervasive network security mechanisms, deployed extensively from the borders of networks to end systems. The complexity of modern firewall policies has raised the computational requirements for firewall implementations, potentially limiting the throughput of networks. Administrators currently rely on ad hoc solutions to firewall optimization. To address this problem, a few automatic firewall optimization techniques have been proposed, but there has been no general approach to evaluate the optimality of these techniques. In this paper we present a general framework for rule-based firewall optimization. We give a precise formulation of firewall optimization as an integer programming problem and show that our framework produces optimal reordered rule sets that are semantically equivalent to the original rule set. Our framework considers the complex interactions among the rules in firewall configurations and relies on a novel partitioning of the packet space defined by the rules themselves. For validation, we employ this framework on real firewall rule sets for a quantitative evaluation of existing heuristic approaches. Our results indicate that the framework is general and faithfully captures performance benefits of firewall optimization heuristics. © 2009 IEEE. |
Persistent Identifier | http://hdl.handle.net/10722/346546 |
ISSN | 1932-4537 (2023 Impact Factor: 4.7; 2023 SCImago Journal Rankings: 1.762) |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Misherghi, Ghassan | - |
dc.contributor.author | Yuan, Lihua | - |
dc.contributor.author | Su, Zhendong | - |
dc.contributor.author | Chuah, Chen Nee | - |
dc.contributor.author | Chen, Hao | - |
dc.date.accessioned | 2024-09-17T04:11:39Z | - |
dc.date.available | 2024-09-17T04:11:39Z | - |
dc.date.issued | 2008 | - |
dc.identifier.citation | IEEE Transactions on Network and Service Management, 2008, v. 5, n. 4, p. 227-238 | - |
dc.identifier.issn | 1932-4537 | - |
dc.identifier.uri | http://hdl.handle.net/10722/346546 | - |
dc.description.abstract | Firewalls are among the most pervasive network security mechanisms, deployed extensively from the borders of networks to end systems. The complexity of modern firewall policies has raised the computational requirements for firewall implementations, potentially limiting the throughput of networks. Administrators currently rely on ad hoc solutions to firewall optimization. To address this problem, a few automatic firewall optimization techniques have been proposed, but there has been no general approach to evaluate the optimality of these techniques. In this paper we present a general framework for rule-based firewall optimization. We give a precise formulation of firewall optimization as an integer programming problem and show that our framework produces optimal reordered rule sets that are semantically equivalent to the original rule set. Our framework considers the complex interactions among the rules in firewall configurations and relies on a novel partitioning of the packet space defined by the rules themselves. For validation, we employ this framework on real firewall rule sets for a quantitative evaluation of existing heuristic approaches. Our results indicate that the framework is general and faithfully captures performance benefits of firewall optimization heuristics. © 2009 IEEE. | - |
dc.language | eng | - |
dc.relation.ispartof | IEEE Transactions on Network and Service Management | - |
dc.subject | ACL optimization | - |
dc.subject | ACL partitioning | - |
dc.subject | Data mining | - |
dc.subject | Fires | - |
dc.subject | Firewall management | - |
dc.subject | Firewall optimization | - |
dc.subject | Inspection | - |
dc.subject | Internet | - |
dc.subject | Optimization | - |
dc.subject | Partitioning algorithms | - |
dc.subject | Servers | - |
dc.title | A general framework for benchmarking firewall optimization techniques | - |
dc.type | Article | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1109/TNSM.2009.041104 | - |
dc.identifier.scopus | eid_2-s2.0-67449085828 | - |
dc.identifier.volume | 5 | - |
dc.identifier.issue | 4 | - |
dc.identifier.spage | 227 | - |
dc.identifier.epage | 238 | - |