Article

Fast and Scalable Conflict Detection for Packet Classifiers

Authors:

Florin Baboescu,

George VargheseAuthors Info & Claims

ICNP '02: Proceedings of the 10th IEEE International Conference on Network Protocols

Pages 270 - 279

Published: 12 November 2002 Publication History

Publisher Site

Abstract

Packet filters provide roles for classifying packets based on header fields. High speed packet classification has received much study. However, the twin problems of fast updates and fast conflict detection have not received much attention. A conflict occurs when two classifiers overlap, potentially creating ambiguity for packets that match both filters. For example, if Rule 1 specifies that all packets going to CNN be rote controlled and Rule 2 specifies that all packets coming from Walmart be given high priority, the roles conflict for traffic from Walmart to CNN. There has been prior work on efficient conflict detection for two dimensional classifiers. However, the best known algorithm for conflict detection for geneml classifiers is the naive O(N2) algorithm of comparing each pair of rules for a conflict. In this paper, we describe an efficient and scalable conflict detection algorithm for the general casethat is significantly faster. For example, for a database of 20,000 roles, our algorithm is 40 times faster. than the naive implementation. Even without considering conflicts, our algorithm also provides a packet classifier with fast updates and fast lookups that can be used for stateful packet filtering.

Cited By

View all

Abbes TBouhoula ARusinowitch M(2016)Detection of firewall configuration errors with updatable treeInternational Journal of Information Security10.1007/s10207-015-0290-015:3(301-317)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s10207-015-0290-0
Chen FLiu AHwang JXie T(2012)First step towards automatic correction of firewall policy faultsACM Transactions on Autonomous and Adaptive Systems10.1145/2240166.22401777:2(1-24)Online publication date: 30-Jul-2012
https://dl.acm.org/doi/10.1145/2240166.2240177
Beyene YFaloutsos MMadhyastha H(2012)SyFiProceedings of the 13th international conference on Passive and Active Measurement10.1007/978-3-642-28537-0_8(74-84)Online publication date: 12-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28537-0_8
Show More Cited By

Fast and Scalable Conflict Detection for Packet Classifiers
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning

Recommendations

Fast and scalable conflict detection for packet classifiers

Packet filters provide rules for classifying packets based on header fields. High speed packet classification has received much study. However, the twin problems of fast updates and fast conflict detection have not received much attention. A conflict ...
A fast and scalable conflict detection algorithm for packet classifiers
ISPA'05: Proceedings of the Third international conference on Parallel and Distributed Processing and Applications

Packet filters are rules for classifying packets based on their header fields. A filter conflict occurs when two or more filters overlap, creating an ambiguity in packet classification. There has been prior works on conflict detection for multi-...
A Sorted-Partitioning Approach to Fast and Scalable Dynamic Packet Classification

The advent of software-defined networking SDN leads to two key challenges for packet classification on the dramatically increased dynamism and dimensionality. Although packet classification is a well-studied problem, no existing solution satisfies these ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICNP '02: Proceedings of the 10th IEEE International Conference on Network Protocols

November 2002

339 pages

ISBN:0769518567

Publisher

IEEE Computer Society

United States

Publication History

Published: 12 November 2002

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Abbes TBouhoula ARusinowitch M(2016)Detection of firewall configuration errors with updatable treeInternational Journal of Information Security10.1007/s10207-015-0290-015:3(301-317)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s10207-015-0290-0
Chen FLiu AHwang JXie T(2012)First step towards automatic correction of firewall policy faultsACM Transactions on Autonomous and Adaptive Systems10.1145/2240166.22401777:2(1-24)Online publication date: 30-Jul-2012
https://dl.acm.org/doi/10.1145/2240166.2240177
Beyene YFaloutsos MMadhyastha H(2012)SyFiProceedings of the 13th international conference on Passive and Active Measurement10.1007/978-3-642-28537-0_8(74-84)Online publication date: 12-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28537-0_8
Brodecki BBrzeziński JSasak PSzychowiak M(2011)Modality conflict discovery for SOA security policiesProceedings of the 9th international conference on Advanced parallel processing technologies10.5555/2042522.2042531(112-126)Online publication date: 26-Sep-2011
https://dl.acm.org/doi/10.5555/2042522.2042531
Brodecki BBrzeziński JSasak PSzychowiak M(2011)Consistency maintenance of modern security policiesProceedings of the 2011 international conference on Advanced Computing, Networking and Security10.1007/978-3-642-29280-4_55(472-477)Online publication date: 16-Dec-2011
https://dl.acm.org/doi/10.1007/978-3-642-29280-4_55
Chen FLiu AHwang JXie TVan Drunen R(2010)First step towards automatic correction of firewall policy faultsProceedings of the 24th international conference on Large installation system administration10.5555/1924976.1924982(1-8)Online publication date: 7-Nov-2010
https://dl.acm.org/doi/10.5555/1924976.1924982
Ahmed ZImine ARusinowitch M(2010)Safe and efficient strategies for updating firewall policiesProceedings of the 7th international conference on Trust, privacy and security in digital business10.5555/1894888.1894895(45-57)Online publication date: 30-Aug-2010
https://dl.acm.org/doi/10.5555/1894888.1894895
Liu A(2009)Firewall policy verification and troubleshootingComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2009.07.00353:16(2800-2809)Online publication date: 1-Nov-2009
https://dl.acm.org/doi/10.1016/j.comnet.2009.07.003
Liu A(2008)Firewall policy change-impact analysisACM Transactions on Internet Technology10.1145/2109211.210921211:4(1-24)Online publication date: 23-Mar-2008
https://dl.acm.org/doi/10.1145/2109211.2109212
Abbes TBouhoula ARusinowitch MWainwright RHaddad H(2008)An inference system for detecting firewall filtering rules anomaliesProceedings of the 2008 ACM symposium on Applied computing10.1145/1363686.1364197(2122-2128)Online publication date: 16-Mar-2008
https://dl.acm.org/doi/10.1145/1363686.1364197
Show More Cited By

Abstract

Cited By

Recommendations