Title | ||
---|---|---|
Poster: Minimizing range rules for packet filtering using a double mask representation |
Abstract | ||
---|---|---|
Packet filtering is widely used in multiple networking applications, including firewalls, intrusion detection systems, routers and load balancers, to decide whether to accept or deny an incoming packet. This mechanism relies on a packet's header fields to filter such traffic by using range rules of IP addresses or ports. However, the set of packet filters has to handle a growing number of connected nodes and many of them are compromised and used as sources of attacks. For instance, IP filter sets available in blacklists may reach several millions of entries, and may require large memory space for their storage in filtering appliances. In this paper, we propose a new method based on a double mask IP prefix representation associated with a linear transformation algorithm to build a reduced set of range rules. Our experiments show that the proposed method achieves a reduction ratio of up to 74% on synthetic range rule sets. |
Year | DOI | Venue |
---|---|---|
2019 | 10.23919/IFIPNetworking46909.2019.8999466 | 2019 IFIP Networking Conference (IFIP Networking) |
Keywords | DocType | ISSN |
---|---|---|
packet filtering, double mask representation, range rules | Conference | 1571-5736 |
ISBN | Citations | PageRank |
---|---|---|
978-1-7281-3671-4 | 0 | 0.34 |
References | Authors | |
---|---|---|
0 | 5 | |
Name | Order | Citations | PageRank |
---|---|---|---|
Ahmad Abboud | 1 | 1 | 1.72 |
Abdelkader Lahmadi | 2 | 90 | 18.46 |
Michaël Rusinowitch | 3 | 11 | 2.55 |
Miguel Couceiro | 4 | 1 | 0.70 |
Adel Bouhoula | 5 | 579 | 57.05 |