A traffic-aware top-N firewall approximation algorithm

Ho Y. Lam, Donghan Wang, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.

Original languageEnglish (US)
Title of host publication2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
Pages1036-1041
Number of pages6
DOIs
StatePublished - 2011
Event2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 - Shanghai, China
Duration: Apr 10 2011Apr 15 2011

Other

Other2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
CountryChina
CityShanghai
Period4/10/114/15/11

Fingerprint

Approximation algorithms
traffic
Network security
simulation

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Communication

Cite this

Lam, H. Y., Wang, D., & Chao, H. J. (2011). A traffic-aware top-N firewall approximation algorithm. In 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 (pp. 1036-1041). [5928779] https://doi.org/10.1109/INFCOMW.2011.5928779

A traffic-aware top-N firewall approximation algorithm. / Lam, Ho Y.; Wang, Donghan; Chao, H. Jonathan.

2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011. 2011. p. 1036-1041 5928779.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lam, HY, Wang, D & Chao, HJ 2011, A traffic-aware top-N firewall approximation algorithm. in 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011., 5928779, pp. 1036-1041, 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011, Shanghai, China, 4/10/11. https://doi.org/10.1109/INFCOMW.2011.5928779
Lam HY, Wang D, Chao HJ. A traffic-aware top-N firewall approximation algorithm. In 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011. 2011. p. 1036-1041. 5928779 https://doi.org/10.1109/INFCOMW.2011.5928779
Lam, Ho Y. ; Wang, Donghan ; Chao, H. Jonathan. / A traffic-aware top-N firewall approximation algorithm. 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011. 2011. pp. 1036-1041
@inproceedings{549eb41f806048cb8c6398c3533773c7,
title = "A traffic-aware top-N firewall approximation algorithm",
abstract = "Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.",
author = "Lam, {Ho Y.} and Donghan Wang and Chao, {H. Jonathan}",
year = "2011",
doi = "10.1109/INFCOMW.2011.5928779",
language = "English (US)",
isbn = "9781457702488",
pages = "1036--1041",
booktitle = "2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011",

}

TY - GEN

T1 - A traffic-aware top-N firewall approximation algorithm

AU - Lam, Ho Y.

AU - Wang, Donghan

AU - Chao, H. Jonathan

PY - 2011

Y1 - 2011

N2 - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.

AB - Packet classification is widely used in various network security and operation applications. Two of the main challenges are the increasing number of classification rules, amount of traffic and network line speed. In this paper, we investigate an approximation algorithm for selecting the top- N most frequently matched subset of rules from the original ruleset. The goal is to obtain Top-N rules that covers as much traffic as possible while preserving the dependency relationships. Through simulations, we show that our approaches the optimal while runs in seconds, allowing online adaptation to changing traffic patterns.

UR - http://www.scopus.com/inward/record.url?scp=79960596605&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960596605&partnerID=8YFLogxK

U2 - 10.1109/INFCOMW.2011.5928779

DO - 10.1109/INFCOMW.2011.5928779

M3 - Conference contribution

SN - 9781457702488

SP - 1036

EP - 1041

BT - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011

ER -