Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering (ICCSEE 2013)

A performance-optimized firewall rules matching algorithm

Authors
Zhong Li, Xiao Li
Corresponding Author
Zhong Li
Available Online March 2013.
DOI
10.2991/iccsee.2013.358How to use a DOI?
Keywords
firewall, rule matching, divide-and-conquer, hash
Abstract

The algorithm of firewall rules matching designed in this paper is based on the idea of divide-and-conquer the rules set. The rules set are divided into multiple sub-sets in accordance with the protocol type. Then, accordance with the relationship between two rules, each sub-set is divided into two groups: disordered group and queue group. Furthermore, hash function is designed to match rules in disorder group, while indexing algorithm is proposed to match rules in the queue group. The analysis shows that the efficiency of the algorithm is much better than similar algorithms, greatly improving the performance of the firewall.

Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering (ICCSEE 2013)
Series
Advances in Intelligent Systems Research
Publication Date
March 2013
ISBN
10.2991/iccsee.2013.358
ISSN
1951-6851
DOI
10.2991/iccsee.2013.358How to use a DOI?
Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Zhong Li
AU  - Xiao Li
PY  - 2013/03
DA  - 2013/03
TI  - A performance-optimized firewall rules matching algorithm
BT  - Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering (ICCSEE 2013)
PB  - Atlantis Press
SP  - 1422
EP  - 1425
SN  - 1951-6851
UR  - https://doi.org/10.2991/iccsee.2013.358
DO  - 10.2991/iccsee.2013.358
ID  - Li2013/03
ER  -