
NAME: P. FIROZE KHAN
Roll no: 08731F0007
Cell no: 9000084720
EMAIL ID: firoze.pathan.khan@gmail.com

The Geometric Efficient Matching Algorithm for Firewalls

Abstract:
Since firewalls need to filter all the traffic crossing the network perimeter, they
should be able to sustain a very high throughput, or risk becoming a bottleneck.
Firewall packet matching can be viewed as a point location problem: Each packet
(point) has five fields (dimensions), which need to be checked against every
firewall rule in order to find the first matching rule. Thus, algorithms from
computational geometry can be applied. In this paper, we consider a classical
algorithm that we adapted to the firewall domain. We call the resulting algorithm
“Geometric Efficient Matching” (GEM). The GEM algorithm enjoys a logarithmic
matching time performance. However, the algorithm’s theoretical worst-case space
complexity is $O(n^4)$ for a rule-base with n rules. Because of this perceived high
space complexity, GEM-like algorithms were rejected as impractical by earlier
works. Contrary to this conclusion, this paper shows that GEM is actually an
excellent choice. Based on statistics from real firewall rule-bases, we created a
Perimeter rules model that generates random, but nonuniform, rule-bases. We
evaluated GEM via extensive simulation using the Perimeter rules model. Our
simulations show that on such rule-bases, GEM uses near-linear space, and only
needs approximately 13 MB of space for rule-bases of 5,000 rules. Moreover, with
use of additional space improving heuristics, we have been able to reduce the space
requirement to 2-3 MB for 5,000 rules. But most importantly, we integrated GEM
into the code of the Linux iptables open-source firewall, and tested it on real traffic
loads. Our GEM-iptables implementation managed to filter over 30,000 packets-
per-second on a standard PC, even with 10,000 rules. Therefore, we believe that
GEM is an efficient and practical algorithm for firewall packet matching.
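
The point-location view described in the abstract, as an added example (not code from the paper or from GEM-iptables): each field's axis is cut into simple ranges on which the set of applicable rules is constant, and a lookup does one binary search per field. The four integer fields, the toy 8-bit addresses, the rule-base and all function names are assumptions made for illustration.

```python
from bisect import bisect_right

# Constructed sample rule-base (not from the paper). Each rule is
# (action, [(lo, hi) per field]) with inclusive ranges; first match wins.
# Assumed fields: src addr, dst addr, dst port, protocol (toy 8-bit addrs).
FIELD_MAX = [255, 255, 65535, 255]
RULES = [
    ("DROP",   [(10, 20), (0, 255),   (0, 65535), (6, 6)]),
    ("ACCEPT", [(0, 255), (100, 100), (80, 80),   (6, 6)]),
    ("ACCEPT", [(0, 255), (100, 100), (443, 443), (6, 6)]),
    ("ACCEPT", [(0, 255), (50, 60),   (53, 53),   (17, 17)]),
    ("DROP",   [(0, 255), (0, 255),   (0, 65535), (0, 255)]),  # default rule
]

def linear_match(rules, pkt):
    """Baseline: scan rules in order, return index of the first match."""
    for i, (_, ranges) in enumerate(rules):
        if all(lo <= v <= hi for v, (lo, hi) in zip(pkt, ranges)):
            return i
    return None

def build(rules, active, field=0):
    """Split this field's axis into simple ranges and recurse per range."""
    if field == len(FIELD_MAX):
        return min(active) if active else None  # lowest index = first match
    # The set of active rules can only change at a range start or just
    # past a range end, so those points delimit the simple ranges.
    points = {0}
    for i in active:
        lo, hi = rules[i][1][field]
        points.add(lo)
        if hi < FIELD_MAX[field]:
            points.add(hi + 1)
    starts = sorted(points)
    children = []
    for s in starts:
        sub = [i for i in active
               if rules[i][1][field][0] <= s <= rules[i][1][field][1]]
        children.append(build(rules, sub, field + 1))
    return starts, children

def gem_match(node, pkt):
    """One binary search per field: O(d log n) per packet."""
    for v in pkt:
        starts, children = node
        node = children[bisect_right(starts, v) - 1]
    return node

GEM = build(RULES, list(range(len(RULES))))

if __name__ == "__main__":
    pkt = (30, 100, 443, 6)  # constructed packet
    print(RULES[gem_match(GEM, pkt)][0], gem_match(GEM, pkt) == linear_match(RULES, pkt))
```

Every simple range at one level owns a separate structure for the next field, which is where the worst-case space growth mentioned in the abstract comes from.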

SYSTEM CONFIGURATION
HARDWARE CONFIGURATION

S.NO   HARDWARE CONFIGURATIONS

1      Operating System         Windows 2000 & XP
2      RAM                      1GB
3      Processor (with Speed)   Intel Pentium IV (3.0 GHz) and Upwards
4      Hard Disk Size           40 GB and above
5      Monitor                  15" CRT

SOFTWARE CONFIGURATION

S.NO   SOFTWARE CONFIGURATIONS

1      Platform     Microsoft Visual Studio
2      Framework    .Net Framework 2.0
3      Language     C#.Net
4      Front End    Windows application
5      Back End     SQL Server 2005
