The challenge to address in multi-firewall and security gateway environment is to implement conflict-free policies, necessary to avoid security inconsistency, and to optimize, at the same time, performances in term of average filtering time, in order to make firewalls stronger against DoS and DDoS attacks. Additionally the approach should be real time, based on the characteristics of network traffic. Our work defines an algorithm to find conflict free optimized device rule sets in real time, by relying on information gathered from traffic analysis. We show results obtained from our test environment demonstrating for computational power savings up to 24% with fully conflict free device policies. © 2009 Springer-Verlag Berlin Heidelberg.
Automated framework for policy optimization in firewalls and security gateways / Maiolini, G; Cignini, L; Baiocchi, Andrea. - 4516 LNCS:(2008), pp. 131-138. (Intervento presentato al convegno International Workshop on Computational Intelligence in Security for Information Systems - CISIS'08 tenutosi a Genova) [10.1007/978-3-540-88181-0_17].
Automated framework for policy optimization in firewalls and security gateways
BAIOCCHI, Andrea
2008
Abstract
The challenge to address in multi-firewall and security gateway environment is to implement conflict-free policies, necessary to avoid security inconsistency, and to optimize, at the same time, performances in term of average filtering time, in order to make firewalls stronger against DoS and DDoS attacks. Additionally the approach should be real time, based on the characteristics of network traffic. Our work defines an algorithm to find conflict free optimized device rule sets in real time, by relying on information gathered from traffic analysis. We show results obtained from our test environment demonstrating for computational power savings up to 24% with fully conflict free device policies. © 2009 Springer-Verlag Berlin Heidelberg.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.