Research Article

Dynamic Rule based Interfirewall Optimization using Redundancy Removal Algorithm

by Arun Prasath. Y, Revathi. N
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 92 - Number 6
Year of Publication: 2014
Authors: Arun Prasath. Y, Revathi. N
DOI: 10.5120/16017-5133

Arun Prasath. Y, Revathi. N. Dynamic Rule based Interfirewall Optimization using Redundancy Removal Algorithm. International Journal of Computer Applications. 92, 6 (April 2014), 49-52. DOI=10.5120/16017-5133

@article{ 10.5120/16017-5133,
author = { Arun Prasath. Y, Revathi. N },
title = { Dynamic Rule based Interfirewall Optimization using Redundancy Removal Algorithm },
journal = { International Journal of Computer Applications },
issue_date = { April 2014 },
volume = { 92 },
number = { 6 },
month = { April },
year = { 2014 },
issn = { 0975-8887 },
pages = { 49-52 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume92/number6/16017-5133/ },
doi = { 10.5120/16017-5133 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

A firewall is a typical security system that is used extensively to secure private networks. Its operation is to analyze every packet and decide whether to accept or discard it based on the firewall policy, which is specified as a set of rules. This work focuses on inter-firewall optimization across distinct administrative domains without compromising the privacy of their policies. With the massive growth of Internet-based applications, the number of rules in firewalls has been increasing at a rapid rate, which degrades network performance and throughput. To reduce the number of rules validated for every session, a dynamic rules estimation algorithm is proposed. However, an error in a firewall either discloses secret information from its network or interrupts proper communication between its network and the Internet. The redundancy removal algorithm is used to overcome these problems by reducing the redundant rules in the firewall with multi-rule coverage. The optimization process involves a semi-honest computation between the two firewalls that preserves the privacy of each party's firewall policy. The algorithm avoids rule overhead and increases efficiency by optimizing the firewall.

Index Terms

Computer Science
Information Sciences

Keywords

Dynamic rule estimation, Redundancy removal algorithm, Firewall optimization.