A Dynamic and Self-Optimized Decision Tree for Improving Firewall Throughput
Time complexity of matching algorithms play an influential role in the performance of network firewalls. Traditional algorithms use linear search to find the appropriate rules for every incoming packet Up till now, no complete and efficient structure for firewall rule decision trees has been reported. Occurrence of inevitable anomalies and dynamicitv of parameters are the main hindrances in seeking efficacious decision trees. In this paper, a novel decision tree structure is proposed for optimizing firewall performance using the dynamic and statistical characteristics in the rule database. The decision tree is independent in existence of any anomaly in the security policy of firewalls. Also, we minimize the average packet matching time of the searching algorithm by eliminating the overhead caused due to backtracking. Simulation results justify that the proposed decision tree improves the performance of the matching algorithm by about 30 percent
Ahmad Ahmadi Mohsen Rezvani Aresh Dadlani
School of Information Technology and Computer Engineering, Amirkabir University of Technology, Iran School of Information Technology and Computer Engineering, Shahrood University of Technology, Iran Department of Information and Communications, Gwangju Institute of Science and Technology, Republic
国际会议
太原
英文
5-9
2011-02-26(万方平台首次上网日期,不代表论文的发表时间)