Adaptive Statistical Optimization Techniques for Firewall Packet Filtering


Adaptive Statistical Optimization Techniques for Firewall Packet Filtering (Infocom ’06)
Hazem Hamed, Adel El-Atawy, Ehab Al-Shaer
School of Computer Science, DePaul University, Chicago, USA


Background
Packet filtering (classification)
• Most related work uses deterministic techniques
• No special consideration is given to optimizing packet rejection (early rejection)
Internet traffic properties:
• “skewness” in the traffic distribution
• the skewness is relatively stable over time
NSLab Seminar


Contribution
• A novel algorithm for maximizing early rejection of unwanted flows without significantly impacting other flows
• A new packet filtering optimization technique that uses adaptive statistical search trees, exploiting these traffic characteristics, to minimize the average packet matching time


Early Traffic Rejection
Goal: select the minimum number of early rejection rules that has the maximum discarding effect
• represents the set of all possible
• represents a selection of such that A’ can be used to form a Rejection Rule (RR)


Early Traffic Rejection: Dynamic rule selection
• The number of rejection rules: leads to:
• The effect of adding a specific RR at run time
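Added example (not the paper’s or the slides’ code) for the two early-rejection slides above: a greedy selection of rejection rules over a constructed five-rule policy and a constructed traffic sample. A candidate rejection rule is a single-field value that no accept rule can match, so hoisting it ahead of the policy cannot change any decision for accepted flows; candidates are then taken in order of how many of the sampled dropped packets they catch that earlier picks do not. The greedy criterion, the field-comparison cost model, and every rule, port and packet count here are assumptions made for the example, not values from the paper.

```python
"""Early rejection rule selection over a firewall policy and a traffic sample."""

FIELDS = ("proto", "dst_port")  # fields compared, in this order


def match_rule(rule, pkt):
    """Range-match field by field, stopping at the first mismatch.
    Returns (matched, field comparisons spent); a wildcard field costs nothing."""
    n = 0
    for f in FIELDS:
        rng = rule.get(f)
        if rng is None:
            continue
        n += 1
        if not (rng[0] <= pkt[f] <= rng[1]):
            return False, n
    return True, n


def evaluate(policy, pkt, rejection_rules=()):
    """First-match evaluation with an implicit deny at the end. Rejection rules
    are single-field equality checks tried before the policy.
    Returns (action, total field comparisons)."""
    cost = 0
    for f, v in rejection_rules:
        cost += 1
        if pkt[f] == v:
            return "deny", cost
    for action, rule in policy:
        matched, n = match_rule(rule, pkt)
        cost += n
        if matched:
            return action, cost
    return "deny", cost


def is_safe(policy, field, value):
    """A (field, value) rejection rule is safe when no accept rule can match a
    packet carrying that value; hoisting it then never changes a decision."""
    for action, rule in policy:
        rng = rule.get(field)
        if action == "accept" and (rng is None or rng[0] <= value <= rng[1]):
            return False
    return True


def select_rejection_rules(policy, trace, max_rules):
    """Greedy selection (assumption, not the paper's algorithm): repeatedly take
    the safe (field, value) pair that discards the most not-yet-covered dropped packets."""
    denied = [p for p in trace if evaluate(policy, p)[0] == "deny"]
    cands = {}
    for f in FIELDS:
        for v in {p[f] for p in denied}:
            if is_safe(policy, f, v):
                cands[(f, v)] = {i for i, p in enumerate(denied) if p[f] == v}
    chosen, covered = [], set()
    while cands and len(chosen) < max_rules:
        best = max(cands, key=lambda k: (len(cands[k] - covered), k))
        gain = cands.pop(best) - covered
        if not gain:
            break
        chosen.append(best)
        covered |= gain
    return chosen, len(covered), len(denied)


def avg_cost(policy, trace, rejection_rules=()):
    """Average field comparisons per packet for the sample."""
    return sum(evaluate(policy, p, rejection_rules)[1] for p in trace) / len(trace)


# Constructed policy (first match wins, default deny). 6 = TCP, 17 = UDP, 1 = ICMP.
POLICY = [
    ("accept", {"proto": (6, 6), "dst_port": (80, 80)}),
    ("accept", {"proto": (6, 6), "dst_port": (443, 443)}),
    ("accept", {"proto": (17, 17), "dst_port": (53, 53)}),
    ("deny", {"proto": (6, 6), "dst_port": (1, 1023)}),
    ("accept", {"proto": (6, 6), "dst_port": (1024, 65535)}),
]

# Constructed traffic sample: (proto, dst_port) -> packet count. Skewed on
# purpose: a few unwanted flows (telnet, SMB, NetBIOS, ICMP) make up most drops.
SAMPLE = {(6, 80): 300, (6, 443): 100, (17, 53): 50, (6, 23): 200,
          (6, 445): 150, (17, 137): 120, (1, 0): 80}
TRACE = [{"proto": p, "dst_port": d} for (p, d), n in SAMPLE.items() for _ in range(n)]


def run_demo(max_rules=3):
    rules, early, denied = select_rejection_rules(POLICY, TRACE, max_rules)
    return {"rejection_rules": rules, "early_rejected": early, "denied": denied,
            "avg_cost_before": avg_cost(POLICY, TRACE),
            "avg_cost_after": avg_cost(POLICY, TRACE, rules)}


if __name__ == "__main__":
    print(run_demo())
```

With three rejection rules the sample’s three largest dropped flows are rejected after one to three comparisons instead of six or seven, and the accepted flows pay three extra comparisons each; the net effect on the average is what decides how many rules are worth hoisting, which is why the selection stops at the smallest set with the largest discarding effect.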

Early Traffic Rejection: Algorithms

Locality of matching properties in firewall filtering: Packet flow properties


Locality of matching properties in firewall filtering: Packet field properties
• skewness factor
• only a small portion of the field values is used by the majority of the traffic


Statistical matching tree
Binary search tree:
• worst case search time lg(n)
Statistical search tree:
• insert values of higher occurrence probability at higher tree levels

Matching tree construction
• time complexity:
• space complexity:


Policy matching
Cascaded-tree matching
Parallel-tree matching:
• the lookup is performed against each field separately
• the matched rule is found by taking the intersection of each field’s matches


Tree reconstruction and updates
Performance triggered updates:
• optimization efficacy is measured from the height of the destination leaf for a packet, i.e. the gain over binary search for that packet
Periodic mandatory updates:
• avoid extended periods of mediocre performance that is just above the rebuilding threshold
• a new matching tree is constructed
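Added example (not the paper’s code) that ties together the statistical matching tree slide and the reconstruction slide above: a single-field tree over destination ports, built by inserting the policy’s values in decreasing match-frequency order so hot values sit near the root, measured against a balanced BST, and rebuilt either when its gain over the balanced tree drops below a threshold (performance-triggered) or after a fixed number of packets (periodic mandatory). The window size, threshold, period, port list and the three traffic phases are assumptions made for the example.

```python
"""Statistical matching tree for one filtering field, with adaptive rebuilds."""
from collections import Counter


def _node(value):
    return {"v": value, "l": None, "r": None}


def _insert(root, value):
    """Unbalanced BST insert: the insertion order alone decides the shape."""
    if root is None:
        return _node(value)
    cur = root
    while value != cur["v"]:
        side = "l" if value < cur["v"] else "r"
        if cur[side] is None:
            cur[side] = _node(value)
            break
        cur = cur[side]
    return root


def build_statistical_tree(counts):
    """Insert values in decreasing match-count order (ties by value), so the
    most frequently matched values become the root and its nearest descendants."""
    root = None
    for value, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        root = _insert(root, value)
    return root


def build_balanced_tree(values):
    """Ordinary balanced BST: median recursion over the sorted values."""
    values = sorted(values)

    def rec(lo, hi):
        if lo > hi:
            return None
        mid = (lo + hi) // 2
        return {"v": values[mid], "l": rec(lo, mid - 1), "r": rec(mid + 1, hi)}

    return rec(0, len(values) - 1)


def search(tree, value):
    """Returns (found, comparisons); a miss still walks a full root-to-leaf path."""
    depth, cur = 0, tree
    while cur is not None:
        depth += 1
        if value == cur["v"]:
            return True, depth
        cur = cur["l"] if value < cur["v"] else cur["r"]
    return False, depth


def expected_depth(tree, counts):
    """Average comparisons per packet under the observed value distribution."""
    return sum(c * search(tree, v)[1] for v, c in counts.items()) / sum(counts.values())


class AdaptiveFieldTree:
    """Statistics are kept per window of packets. At each window end the tree is
    rebuilt if its gain over the balanced tree is below min_gain, or if `period`
    packets have passed since the last rebuild (periodic mandatory update)."""

    def __init__(self, policy_values, window=1000, min_gain=0.5, period=5000):
        self.values = sorted(policy_values)
        self.balanced = build_balanced_tree(self.values)
        self.tree = self.balanced  # no statistics yet, so start balanced
        self.window, self.min_gain, self.period = window, min_gain, period
        self.counts, self.packets, self.since_rebuild, self.rebuilds = Counter(), 0, 0, 0

    def gain(self):
        """Efficacy of the current tree: comparisons saved per packet vs. balanced."""
        return expected_depth(self.balanced, self.counts) - expected_depth(self.tree, self.counts)

    def lookup(self, value):
        found, _ = search(self.tree, value)
        self.counts[value] += 1
        self.packets += 1
        self.since_rebuild += 1
        if self.packets % self.window == 0:
            if self.gain() < self.min_gain or self.since_rebuild >= self.period:
                # rebuild from this window's counts; unseen policy values get weight 0
                self.tree = build_statistical_tree({v: self.counts[v] for v in self.values})
                self.since_rebuild, self.rebuilds = 0, self.rebuilds + 1
            self.counts = Counter()
        return found


# Constructed destination-port traffic: a few policy ports carry nearly all
# packets, then the hot set shifts (e.g. a new scan or service appears).
POLICY_PORTS = [22, 25, 53, 80, 110, 143, 443, 993, 3306, 8080]
PHASES = [
    {80: 600, 443: 250, 53: 100, 22: 30, 25: 20},  # web-heavy window
    {80: 600, 443: 250, 53: 100, 22: 30, 25: 20},  # same skew: no rebuild
    {3306: 700, 8080: 200, 110: 100},              # hot set shifts: rebuild
]


def run_demo():
    t = AdaptiveFieldTree(POLICY_PORTS)
    rebuilds, hot_depth = [], []
    for dist in PHASES:
        for port, n in dist.items():
            for _ in range(n):
                t.lookup(port)
        rebuilds.append(t.rebuilds)
        hot_depth.append(search(t.tree, max(dist, key=dist.get))[1])
    return {"rebuilds": rebuilds, "hot_port_depth": hot_depth}
```

Under the first window’s skew the statistical tree answers the average lookup in about 1.5 comparisons against about 3.8 for the balanced tree, so the gain stays well above the threshold and the second window triggers nothing; when the hot set moves to ports that the old tree had pushed to depth 4 and 5, the gain turns negative and the next window end rebuilds with the new hot port at the root.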

Performance Evaluation of early rejection

Performance Evaluation: adaptive statistical filtering effectiveness for individual filtering fields

Performance Evaluation: adaptive statistical filtering effectiveness for filtering policy


Performance Evaluation: adaptive statistical filtering
Adaptive tree updates:
• only 2–5 times in an hour when and

Thanks!