Abstract
Internet protocol (IP) packet filtering as a firewall (FW) technology is one of the most widely researched networks functions over the past two decades. IP packet filtering is the process of filtering incoming and outgoing network packets by matching several packet headers fields with thousands of predefined filters known as filter-set. With the development of modern network technologies such as software-defined networking (SDN) and the increase in attacks threatening network security, attention has become focused on IP packet filtering. With the growing size and number of filter-sets, it becomes a challenge to perform IP packet filtering at wire-speed. In this paper, a new method is proposed for IP packet filtering, where two data structures were combined to produce a new data structure suitable for IP packet filtering with high performance and support dynamic access to filters as well as support approximate membership query. Experimental results show that the proposed method has a high throughput of 10.8 mega packets per second (MPpS) with high filtering accuracy and low memory requirements to working on big filter-sets (up to 1 mega filters).
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Bulletin of Electrical Engineering and Informatics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
