Welcome to Project Solutions !

Project Solutions is the leading final year engineering project providers for IT and Computer Science students across India

The Geometric Efficient Matching Algorithm for Firewalls

NameThe Geometric Efficient Matching Algorithm for Firewalls
CategoryParallel and Distributed System

The firewall is one of the central technologies allowing high-level access control to organization networks. Packet matching in firewalls involves matching on many fields from the TCP and IP packet header. At least five fields (protocol number, source and destination IP addresses, and ports) are involved in the decision which rule applies to a given packet. With available bandwidth increasing rapidly, very efficient matching algorithms need to be deployed in modern firewalls to ensure that the firewall does not become a bottleneck Since firewalls need to filter all the traffic crossing the network perimeter, they should be able to sustain a very high throughput, or risk becoming a bottleneck. Thus, algorithms from computational geometry can be applied. In this paper we consider a classical algorithm that we adapted to the firewall domain. We call the resulting algorithm “Geometric Efficient Matching” (GEM). The GEM algorithm enjoys a logarithmic matching time performance. However, the algorithm’s theoretical worst-case space complexity is O (n4) for a rule-base with n rules. Because of this perceived high space complexity, GEM-like algorithms were rejected as impractical by earlier works. Contrary to this conclusion, this paper shows that GEM is actually an excellent choice. Based on statistics from real firewall rule-bases, we created a Perimeter rules model that generates random, but non-uniform, rulebases. We evaluated GEM via extensive simulation using the Perimeter rules model.

is ieee
ieee paper year2011
price rangemedium
Share this google icon

Get a Call Back

related projects

more projects+


Total 0 comments.
    view all

Post your comment

(It will not be published)