Thawatchai Chomsiri
A Stateful Mechanism for the Tree-Rule Firewall
Chomsiri, Thawatchai; He, Xiangjian; Nanda, Priyadarsi; Tan, Zhiyuan
Abstract
In this paper, we propose a novel connection tracking mechanism for the Tree-rule firewall, which essentially organizes firewall rules in a designated tree structure. A new firewall model based on the proposed connection tracking mechanism is then developed and extended from the basic model of Netfilter's ConnTrack module, which has been used by many early generation commercial and open source firewalls including IPTABLES, the most popular firewall. To reduce the consumption of memory space and processing time, our proposed model uses one node per connection instead of the two nodes used in the Netfilter model. This can reduce memory space and processing time. In addition, we introduce an extended hash table with more hashing bits in our firewall model in order to accommodate more concurrent connections. Moreover, our model also applies sophisticated techniques (such as using static information nodes, and avoiding timer objects and memory management tasks) to improve its processing speed. Finally, we implement this model on Linux CentOS 6.3 and evaluate its speed. The experimental results show that our model performs more efficiently in comparison with Netfilter/IPTABLES.
Citation
Chomsiri, T., He, X., Nanda, P., & Tan, Z. (2014, September). A Stateful Mechanism for the Tree-Rule Firewall. Presented at 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications |
Start Date | Sep 24, 2014 |
End Date | Sep 26, 2014 |
Publication Date | 2014-09 |
Deposit Date | Nov 22, 2016 |
Pages | 122-129 |
Book Title | 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications |
ISBN | 9781479965137 |
DOI | https://doi.org/10.1109/trustcom.2014.20 |
Keywords | Network security, firewall, tree-rule firewall, stateful firewall, connection tracking |
Public URL | http://researchrepository.napier.ac.uk/Output/429190 |