EEMCS EPrints Service


26974 Hybrid tree-rule firewall for high speed data transmission

Chomsiri, T. and He, Xiangjian and Nanda, P. and Tan, Zhiyuan (2017) Hybrid tree-rule firewall for high speed data transmission. IEEE Transactions on Cloud Computing, online pre-publication. pp. 1-13. ISSN 2168-7161

Full text available as: PDF (1769 Kb), Univ. of Twente only

Official URL: http://dx.doi.org/10.1109/TCC.2016.2554548

Exported to Metis

Abstract

Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts and slow down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantage of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are utilized to provide a means for users to create conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that share the merit of being conflict-free. Finally, in decision making, the listed rules are used to verify against packet header information. The rules which have matched with most packets are moved up to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the functional speed of a firewall.

Item Type: Article
Research Group: EWI-SCS: Services, Cyber security and Safety
Research Program: CTIT-General
Additional Information: The submission has nothing to do with any research program and research project running in UT. It presents the outcomes of my personal collaboration with other international scholars.
Uncontrolled Keywords: Firewall, High Speed Firewall, Network Security, Computer Network, Cloud Network
ID Code: 26974
Status: Online pre-publication
Deposited On: 21 April 2016
Refereed: Yes
International: Yes