Title: Splay trees based early packet rejection mechanism against DoS traffic targeting firewall default security rule
Abstract: As the size of a firewall's security policy grows, the packets discarded by the default security rule significantly affect system performance and become increasingly costly in terms of filtering processing time. In this paper, we propose a mechanism to improve firewall performance through the early rejection of Denial of Service (DoS) traffic targeting the default security rule. To do so, the mechanism optimizes the order of the security policy filtering fields using a traffic statistical scheme based on multilevel filtering modules, splay trees and hash tables. The proposed scheme rejects unwanted traffic at early stages and accepts repeated packets with fewer memory accesses, and therefore with less overall packet matching time. Numerical results obtained by simulation show that the proposed mechanism significantly reduces the filtering processing time of DoS traffic targeting the firewall default security rule, compared to the related Self Adjusting Binary Search on Prefix Length (SA-BSPL) technique.
Year: 2011
DOI: 10.1109/WIFS.2011.6123123
Venue: Information Forensics and Security
Keywords: firewall performance, processing time, default security rule, splay tree, firewall default security rule, unwanted traffic, DoS traffic, security policy, firewall security policy, proposed mechanism, traffic statistical scheme, early packet rejection mechanism, cryptography, hash table, computer network security, binary search, system performance, denial of service, pattern matching, authorisation
Field: Denial-of-service attack, Firewall (construction), Splay tree, Computer science, Network security, Network packet, Computer network, Application firewall, Stateful firewall, Security policy, Distributed computing
DocType: Conference
ISBN: 978-1-4577-1018-6
Citations: 0
PageRank: 0.34
References: 12
Authors: 2

Author list (Name, Order, Citations, PageRank):
1. Zouheir Trabelsi, Order 1, Citations 136, PageRank 27.78
2. Safaa Zeidan, Order 2, Citations 25, PageRank 5.54