A Heuristic Algorithm for Reconstructing a Packet Filter with Dependent Rules

Abstract

Network devices, such as routers or L3 switches, have a feature called packet-filtering for network security. They determine whether or not to pass arriving packets by applying filtering rules to them. If the number of comparisons of packets with rules increases, the time required for a determination will increase, which will result in greater communication delay. Various algorithms for optimizing filtering tables to minimize the load of packet filtering, which directly impacts the communication delay, have been proposed. In this paper, first we introduce an adaptive packet filter based on an algorithm that reconstructs the filtering table according to the frequency distribution of arrival packets. Next, we propose a new reconstruction algorithm based on grouping of dependent rules. Grouping dependent rules makes it possible to sort the rules in the table by the frequency of matching. Finally, we show the effectiveness of our algorithm by comparing it against previously reported algorithms.

Journal

  • IEICE Transactions on Communications

    IEICE Transactions on Communications 96(1), 155-162, 2013-01-01

    The Institute of Electronics, Information and Communication Engineers

References:  13
