TY - GEN
T1 - A traffic-aware top-N firewall ruleset approximation algorithm
AU - Lam, Ho Yu
AU - Wang, Donghan
AU - Chao, H. Jonathan
PY - 2010
Y1 - 2010
N2 - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this poster, we investigate an approximation algorithm for selecting the top-N most frequently matched subset of rules from the original ruleset. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
AB - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this poster, we investigate an approximation algorithm for selecting the top-N most frequently matched subset of rules from the original ruleset. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.
UR - http://www.scopus.com/inward/record.url?scp=78650438123&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650438123&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:78650438123
SN - 9781450303798
T3 - ANCS 2010 - Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
BT - ANCS 2010 - Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
T2 - 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2010
Y2 - 25 October 2010 through 26 October 2010
ER -