A performance-optimized firewall rules matching algorithm
The algorithm of firewall rules matching designed in this paper is based on the idea of divide-and-conquer the rulesset.The rules set are divided into multiple sub-sets in accordance with the protocol type.Then,accordance with the relationship between two rules,each sub-set is divided into two groups:disordered group and queue group.Furthermore,hash function is designed to match rules in disorder group,while indexing algorithm is proposed to match rules in the queue group.The analysis shows that the efficiency of the algorithm is much better than similar algorithms,greatly improving the performance of the firewall.
firewall rule matching divide-and-conquer hash
Li Zhong Li Xiao
Institute of Information Science and Technology Zhengzhou Zhengzhou,P.R.China
国际会议
杭州
英文
1423-1426
2013-03-22(万方平台首次上网日期,不代表论文的发表时间)