Adaptive Conflict-Free Optimization of Rule Sets for Network Security Packet Filtering Devices


Bibliographic Details
Main Authors: Andrea Baiocchi, Gianluca Maiolini, Annachiara Mingo, Daniele Goretti
Format: Article
Language: English
Published: Hindawi Limited 2015-01-01
Series: Journal of Computer Networks and Communications
Online Access: http://dx.doi.org/10.1155/2015/872326
Affiliations:
Andrea Baiocchi: Department of Information Engineering, Electronics and Telecommunications (DIET), University of Roma “Sapienza”, Via Eudossiana 18, 00184 Rome, Italy
Gianluca Maiolini: Ipanema Technologies, Via Roberto Lepetit 8/10, 20124 Milan, Italy
Annachiara Mingo: Digi International GmbH, Lise-Meitner-Straße 9, 85737 Ismaning, Germany
Daniele Goretti: Altran Italia S.p.A., Via Tiburtina 1232, 00131 Rome, Italy
ISSN: 2090-7141, 2090-715X
Description: Packet filtering and processing rules management in firewalls and security gateways has become commonplace in increasingly complex networks. On one side there is a need to maintain the logic of high level policies, which requires administrators to implement and update a large amount of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic adaptive optimization of large rule lists is useful for general purpose computers used as filtering devices, without specific designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic adaptive algorithm to find conflict-free optimized rule sets, by relying on information gathered with traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices.