OPTWALL: A Hierarchical Traffic-Aware Firewall

Mehmud Abliz, Subrata Acharya, Bryan Mills, Taieb Znati, University of Pittsburgh, PA

Albert Greenberg, Microsoft Research, WA

Jia Wang, Zihui Ge, AT&T Research, NJ



  • Introduction
      • The overall efficiency, reliability, and availability of a firewall are crucial in enforcing and administering security.
      • The continuous growth of the Internet, coupled with the increasing sophistication of attacks, is placing stringent performance demands on firewalls.

The main approach to improving firewalls is rule optimization. Yet optimizing firewalls is hard, because:

    • It is an NP-hard problem, hence not suitable for a large number of rules
    • Policy integrity needs to be maintained



OPTWALL splits the rule set hierarchically into multiple rule sets to reduce the average time for matching a packet to a rule.

OPTWALL provides an adaptation scheme that can dynamically change the priority of a rule based on the traffic.

How a typical firewall works

A typical present-day firewall enforces its security policies via a set of multi-dimensional packet filters (usually a list of rules). Traffic is filtered by this list following the “first hit” principle.

  • OPTWALL Splitting Approaches
      • Optimal Approach (A*)
      • Heuristic Solution (Greedy)
          • Initial filter determination
              • Hit count – Hit count
              • Hit count – Maximum distance
              • Random – Random
              • Maximum distance – Maximum distance
  • Our Goal
      • Improve the performance of the firewall via
          • Reducing the average time the firewall spends on matching a packet to a rule in its rule set
      • Preserve the semantics of the original rule set
      • Efficiently prevent attacks, especially denial-of-service attacks, by maintaining the optimality of the rule set as traffic patterns and rule sets change
  • Conclusion
      • Study the problem of decentralized multi-dimensional firewall optimization
      • Present OPTWALL, a hierarchical traffic-aware framework for firewall optimization
      • Adaptive anomaly detection/counteraction mechanism
      • Nearly 35% improvement in the operational cost of firewalls in the worst case for a heavily loaded firewall operation
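  • Evaluation Metric
      • Cost of a rule $\mathrm{rule}_i$
          • $\mathrm{cost}(\mathrm{rule}_i) = \text{hit-count}(\mathrm{rule}_i) \times \mathrm{sum}(\mathrm{size}(\mathrm{rule}_i) \ldots \mathrm{size}(\mathrm{rule}_{i-1}))$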
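
The following Python example is added here and is not code from the poster or from OPTWALL. It shows "first hit" matching over a constructed rule list, a hit-count-weighted cost, and a traffic-aware reordering that keeps every packet's verdict unchanged. Assumptions: the rule format and all function names are hypothetical, the cost is read as hit count times the number of rules examined before the match (every rule has size 1), and adjacent-swap reordering stands in for OPTWALL's hierarchical splitting, which the poster does not detail.

```python
import ipaddress

# Constructed sample policy and traffic (not from the poster).
# Rule = (source network, destination port or None = any, action).
RULES = [(ipaddress.ip_network(n), p, a) for n, p, a in [
    ("10.0.0.0/8", 22, "deny"),
    ("10.1.0.0/16", None, "allow"),
    ("192.168.0.0/16", 80, "allow"),
    ("0.0.0.0/0", 443, "allow"), ("0.0.0.0/0", None, "deny"),
]]
PACKETS = ([("8.8.8.8", 443)] * 6 + [("192.168.1.5", 80)] * 3 +
           [("10.1.2.3", 8080)] * 2 + [("10.1.2.3", 22), ("1.2.3.4", 25)])

def first_hit(rules, src, port):
    """Return (index, action) of the first rule that matches the packet."""
    addr = ipaddress.ip_address(src)
    for i, (net, rport, action) in enumerate(rules):
        if addr in net and rport in (None, port):
            return i, action
    return None, "deny"  # assumed default when no rule matches

def profile(rules, packets):
    """Hit count per rule for a packet sample."""
    hits = {}
    for src, port in packets:
        i, _ = first_hit(rules, src, port)
        if i is not None:
            hits[rules[i]] = hits.get(rules[i], 0) + 1
    return hits

def total_cost(rules, hits):
    """Sum of hit count x rules examined before the match (size 1 each, assumed)."""
    return sum(hits.get(r, 0) * i for i, r in enumerate(rules))

def overlap(a, b):
    """True if some packet can match both rules."""
    return a[0].overlaps(b[0]) and (a[1] is None or b[1] is None or a[1] == b[1])

def reorder(rules, hits):
    """Bubble hot rules upward; swap neighbours only if no verdict can change."""
    rules, changed = list(rules), True
    while changed:
        changed = False
        for i in range(len(rules) - 1):
            up, down = rules[i], rules[i + 1]
            safe = not overlap(up, down) or up[2] == down[2]
            if safe and hits.get(down, 0) > hits.get(up, 0):
                rules[i], rules[i + 1] = down, up
                changed = True
    return rules
```

On the constructed sample the total cost drops from 30 to 15, while the SSH deny rule stays ahead of the overlapping `10.1.0.0/16` allow rule because swapping those two would change verdicts.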

This work has been accepted to NDSS 2007. Poster designed by Mehmud Abliz.