Managing hybrid packet filter's specifications
Online publication date: Wed, 24-Oct-2012
by Nizar Ben Neji; Adel Bouhoula
International Journal of Security and Networks (IJSN), Vol. 7, No. 2, 2012
Abstract: The coexistence of range-based and prefix-based fields within the filtering policy is one of the most important causes that make the packet filtering problem difficult to solve and the proposed hybrid solutions hard to implement. Packet filters must support rule sets involving any type of conditions and must scale with the number of rules, the number of fields, and the field sizes in order to avoid being outdated by future internet developments. Since the prefix-based solutions are the most efficient, we try to efficiently incorporate ranges in such data structures using the new concept of signed prefixes, which helps to guarantee homogeneity when matching on multiple packet header fields of distinct types. The proposed two-staged prefix-based model is able to achieve good performance in a practical environment, and it scales well as the filtering list size increases and contains a large variety of range specifications.