Abstract
To address the growth in storage space and the drop in filtering speed caused by the ever-increasing number of packet-filtering firewall rules, this paper proposes a batch-processing packet-filtering firewall algorithm based on a hybrid structure of ordered binary decision diagrams and linear lists (OBDD-LIST). First, the rules are filtered and classified according to the characteristic attributes of each rule field, and the firewall rule base is redesigned using bit-level compression. Then, because the header information of consecutively arriving packets is similar, packets are filtered in batches, taking advantage of the fact that OBDDs have no redundancy and require no backtracking. Finally, simulation experiments on high-fidelity simulated packets generated by the open-source software ClassBench show that the proposed algorithm has a considerable advantage in storage space and matching rate and effectively improves firewall performance.
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
CSCD
Peking University Core Journals (北大核心)
2017, Issue 5, pp. 1013-1016 (4 pages)
Funding
Supported by the National Natural Science Foundation of China (61262030, 61572146, 61363030)
Supported by Guangxi Natural Science (2015GXNSFAA139285, 2014GXNSFAA118354)