Hybrid Tree-Rule Firewall for High Speed Data Transmission
Copyright policy )Hybrid Tree-Rule Firewall for High Speed Data Transmission
Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts, and slows down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantages of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are utilized to provide a means for users to create conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that share the merit of being conflict-free. Finally, in decision making, the listed rules are used to verify against packet header information. The rules which have matched with most packets are moved up to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the functional speed of a firewall.
- University of Technology Sydney Australia
- University of Twente Netherlands
cloud network, high speed firewall, 004 Data processing & computer science, QA75 Electronic computers. Computer science, Culture and Communities, Firewall, Firewalls (computing), Cloud computing, IP networks, Field programmable gate arrays, Filtering, Ports (Computers), Cyber-security, AI and Technologies, network security, Centre for Distributed Computing, Networking and Security, Networks, computer network
cloud network, high speed firewall, 004 Data processing & computer science, QA75 Electronic computers. Computer science, Culture and Communities, Firewall, Firewalls (computing), Cloud computing, IP networks, Field programmable gate arrays, Filtering, Ports (Computers), Cyber-security, AI and Technologies, network security, Centre for Distributed Computing, Networking and Security, Networks, computer network
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).11 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Top 10%
Citations provided by BIP!Popularity provided by BIP!