Document Type

Article

Publication Date

2-2019

Publication Title

Tsinghua Science and Technology

Abstract

Firewalls are crucial elements that enhance network security by examining the field values of every packet and deciding whether to accept or discard a packet according to the firewall policies. With the development of networks, the number of rules in firewalls has rapidly increased, consequently degrading network performance. In addition, because most real-life firewalls have been plagued with policy conflicts, malicious traffics can be allowed or legitimate traffics can be blocked. Moreover, because of the complexity of the firewall policies, it is very important to reduce the number of rules in a firewall while keeping the rule semantics unchanged and the target firewall rules conflict-free. In this study, we make three major contributions. First, we present a new approach in which a geometric model, multidimensional rectilinear polygon, is constructed for the firewall rules compression problem. Second, we propose a new scheme, Firewall Policies Compression (FPC), to compress the multidimensional firewall rules based on this geometric model. Third, we conducted extensive experiments to evaluate the performance of the proposed method. The experimental results demonstrate that the FPC method outperforms the existing approaches, in terms of compression ratio and efficiency while maintaining conflict-free firewall rules.

Comments

This work was supported by the National Natural Science Foundation of China (Nos. 61672543 and 61402542), Research Foundation of the Education Department of Hunan Province (No. 17B022), and Hunan Provincial Innovation Foundation for Postgraduate (No. CX2014B081).

DOI

10.26599/TST.2018.9010003

Version

Postprint

Volume

24

Issue

1

Download

Share

COinS