Adaptive Statistical Optimization Techniques for Firewall Packet Filtering
- Slides: 21
Adaptive Statistical Optimization Techniques for Firewall Packet Filtering (Infocom '06)
Hazem Hamed, Adel El-Atawy, Ehab Al-Shaer
School of Computer Science, DePaul University, Chicago, USA
Background (slide 2, NSLab Seminar)
- Packet filtering (classification): most related work uses deterministic techniques
- No special consideration is given to optimizing packet rejection (early rejection)
- Internet traffic properties: "skewness" in the traffic distribution, and this skewness is relatively stable over time
Contribution (slide 3)
- A novel algorithm for maximizing early rejection of unwanted flows without significantly impacting other flows
- A new packet filtering optimization technique that uses adaptive statistical search trees, exploiting important traffic characteristics to minimize the average packet matching time
Early Traffic Rejection (slide 4)
- Goal: select the minimum number of early rejection rules that has the maximum discarding effect
- (symbols missing from the extracted text) represents the set of all possible ; represents a selection of such that a A' can be used to form a Rejection Rule (RR)

Early Traffic Rejection: Dynamic rule selection (slide 5)
- The number of rejection rules: leads to:
- The effect of adding a specific RR at run time

Early Traffic Rejection: Algorithms (slide 6; algorithm figures not present in the extracted text)
Locality of matching properties in firewall filtering: packet flow properties (slide 7)

Locality of matching properties in firewall filtering: packet field properties (slide 8)
- Skewness factor
- Only a small portion of each field's values is used by the majority of the traffic
Statistical matching tree (slide 9)
- Binary search tree: worst-case search time lg(n)
- Statistical search tree: insert values with higher occurrence probability at higher tree levels, so frequently seen values are found in fewer comparisons

Matching tree construction (slide 10)
- Time complexity: (expression missing from the extracted text)
- Space complexity: (expression missing from the extracted text)
Policy matching (slide 11)
- Cascaded-tree matching
- Parallel-tree matching: the lookup is performed against each field separately, and the matched rule is found by intersecting the match sets of the individual fields
Tree reconstruction and updates (slide 12)
- Performance-triggered updates: the optimization efficacy is defined from the height of the destination leaf of a packet and the gain over binary search for that packet (symbols missing from the extracted text)
- Periodic mandatory updates avoid extended periods of mediocre performance that sits just above the rebuilding threshold
- In both cases a new matching tree is constructed
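As an added example (not code from the paper or the slides), the following Python models the statistical search tree of slide 9 and the performance-triggered update of slide 12: field values are inserted in descending frequency order so frequent values sit near the root (a greedy construction assumed here, not necessarily the paper's exact algorithm), the expected lookup depth is compared with a balanced lg(n) tree, and the per-packet gain over binary search is averaged over a recent window as the rebuild signal. The port histogram is constructed for illustration.

```python
def bst_insert(root, key):
    # Plain unbalanced BST insert; a node is [key, left, right].
    if root is None:
        return [key, None, None]
    cur = root
    while True:
        side = 1 if key < cur[0] else 2
        if cur[side] is None:
            cur[side] = [key, None, None]
            return root
        cur = cur[side]

def build_statistical_tree(counts):
    # Insert values in descending frequency order so the most frequent
    # field values sit nearest the root (assumed greedy construction).
    root = None
    for key, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        root = bst_insert(root, key)
    return root

def build_balanced_tree(keys):
    # Median-split balanced BST: the lg(n) binary-search baseline.
    keys = sorted(keys)
    if not keys:
        return None
    m = len(keys) // 2
    return [keys[m], build_balanced_tree(keys[:m]), build_balanced_tree(keys[m + 1:])]

def lookup_depth(root, key):
    # Comparisons made until key is found (None if absent).
    depth, cur = 0, root
    while cur is not None:
        depth += 1
        if key == cur[0]:
            return depth
        cur = cur[1] if key < cur[0] else cur[2]
    return None

def expected_depth(root, counts):
    # Average lookup depth weighted by each value's traffic share.
    total = sum(counts.values())
    return sum(lookup_depth(root, k) * c for k, c in counts.items()) / total

def efficacy(stat_root, bal_root, recent_keys):
    # Mean gain over binary search for a window of recent packets; a value
    # below the rebuild threshold is the performance-triggered update signal.
    gains = [lookup_depth(bal_root, k) - lookup_depth(stat_root, k) for k in recent_keys]
    return sum(gains) / len(gains)
# Constructed, skewed destination-port histogram (illustrative, not measured data).
PORT_COUNTS = {80: 500, 443: 300, 53: 100, 22: 40, 25: 20, 110: 15, 143: 10, 3389: 10, 8080: 5}
```

With this histogram the statistical tree needs about 1.6 comparisons per packet against 2.9 for the balanced tree; a window of traffic that shifts entirely to a rarely seen port drives the efficacy negative, which is exactly when a rebuild is warranted.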
Performance Evaluation of early rejection (slide 13; figure not present in the extracted text)

Performance Evaluation: adaptive statistical filtering effectiveness for individual filtering fields (slides 14-15; figures not present in the extracted text)

Performance Evaluation: adaptive statistical filtering effectiveness for the filtering policy (slides 16-18; figures not present in the extracted text)

Performance Evaluation: adaptive statistical filtering, adaptive tree updates (slide 19)
- The tree is rebuilt only 2-5 times in an hour when … and … (conditions missing from the extracted text)
Thanks! (slide 21)