TY - GEN
T1 - A traffic-aware top-N firewall approximation algorithm
AU - Lam, Ho Yu
AU - Wang, Donghan
AU - Jonathan Chao, H.
PY - 2011
Y1 - 2011
N2 - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
AB - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
UR - http://www.scopus.com/inward/record.url?scp=79960596605&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79960596605&partnerID=8YFLogxK
U2 - 10.1109/INFCOMW.2011.5928779
DO - 10.1109/INFCOMW.2011.5928779
M3 - Conference contribution
AN - SCOPUS:79960596605
SN - 9781457702488
T3 - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
SP - 1036
EP - 1041
BT - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
T2 - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
Y2 - 10 April 2011 through 15 April 2011
ER -