|
Title:
|
HIGH COST ELIMINATION METHOD FOR BEST CLASS PERMUTATION IN ACCESS LISTS |
|
Author(s):
|
Faheem Bukhatwa |
|
ISBN:
|
972-99353-0-0 |
|
Editors:
|
Pedro Isaías and Nitya Karmakar |
|
Year:
|
2004 |
|
Edition:
|
1 |
|
Keywords:
|
Packet filtering, access lists, packet classification, cost weighing, PRCW. |
|
Type:
|
Full Paper |
|
First Page:
|
287 |
|
Last Page:
|
294 |
|
Language:
|
English |
|
Cover:
|
|
|
Full Contents:
|
click to dowload 
|
|
Paper Abstract:
|
As communication is greatly expanding and the number of users continues to increase, the number of attacks on the Internet is also increasing. All this places more pressure on packet classifiers and filters to provide more filtering and greater security at higher performance levels without causing a bottleneck. Organising the rules in access lists according to their class is a way of improving performance for access list-based packet filters. One problem with this method is the large number of different permutations of the rules classes in an access list for each individual pattern of arriving packets. The Packet-Rule Cost Weighing method (PRCW) is proposed which obtains the best organisation of the classes of rules in an access list that will guarantee the best performance. This method is based on classifying the rules in the access list and obtaining the relative processing cost of each rule. By obtaining the necessary parameters for the access list and the packet stream, the average processing cost is calculated for all packets in the packet stream needed to pass through the access list in every possible permutation of the rules classes. The access list class permutation that yields the lowest average packet processing time is the best permutation possible for the particular packet stream. The problem with this method is the large number of computations required to calculate the cost of each and every permutation. In this paper we propose a method, which will reduce the time required. The calculation is hugely reduced from calculating every permutation to calculating less than the number of arrangements of the classes taken two at a time. The new method is based on identifying and eliminating the high processing cost steps of filtering. |
|
|
|
|
|
|
