Visible to the public A Rule Reordering Method via Pairing Dependent Rules

TitleA Rule Reordering Method via Pairing Dependent Rules
Publication TypeConference Paper
Year of Publication2020
AuthorsHarada, T., Tanaka, K., Ogasawara, R., Mikawa, K.
Conference Name2020 IEEE Conference on Communications and Network Security (CNS)
Date Publishedjun
KeywordsCommunication networks, Conferences, Heuristic algorithms, heuristics, Information services, merging, optimal rule ordering, Optimization, packet classification, predictability, pubcrawl, Resiliency, Scalability, security, Security Heuristics
AbstractPacket classification is used to determine the behavior of incoming packets to network devices. Because it is achieved using a linear search on a classification rule list, a larger number of rules leads to a longer communication latency. To decrease this latency, the problem is generalized as Optimal Rule Ordering (ORO), which aims to identify the order of rules that minimizes the classification latency caused by packet classification while preserving the classification policy. Because ORO is known to be NP-complete by Hamed and Al-Shaer [Dynamic rule-ordering optimization for high-speed firewall filtering, ASIACCS (2006) 332-342], various heuristics for ORO have been proposed. Sub-graph merging (SGM) by Tapdiya and Fulp [Towards optimal firewall rule ordering utilizing directed acyclical graphs, ICCCN (2009) 1-6] is the state of the art heuristic algorithm for ORO. In this paper, we propose a novel heuristic method for ORO. Although most heuristics try to recursively determine the maximum-weight rule and move it as far as possible to an upper position, our algorithm pairs rules that cause policy violations until there are no such rules to simply sort the rules by these weights. Our algorithm markedly decreases the classification latency and reordering time compared with SGM in experiments. The sets consisting of thousands of rules that require one or more hours for reordering by SGM can be reordered by the proposed method within one minute.
DOI10.1109/CNS48642.2020.9162170
Citation Keyharada_rule_2020