An MTIDD Based Firewall |
| |
Authors: | Christiansen Mikkel Fleury Emmanuel |
| |
Affiliation: | 1. Department of Computer Science, Aalborg University, BRICS, Fredrik Bajersvej, 7, 9220, Aalborg OE, Denmark
|
| |
Abstract: | This paper explores the use of Multi-Terminal Interval Decision Diagrams (MTIDDs) as the central structure of a firewall packet filtering mechanism. This is done by first relating the packet filtering problem to predicate logic, then implementing a prototype which is used in an empirical evaluation. The main benefits of the MTIDD structure are that it provides access to Boolean algebra over filters, efficient classification time, and a compact representation. Results from the empirical evaluation shows that MTIDDs are scalable in terms of memory usage: a 50,000 rule filter requires only 3MB of memory, and efficient for packet classification: it is able to handle more rules than the schemes it was compared to without causing a degradation in performance. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|