Hybrid mechanism towards network packet early acceptance and rejection for unified threat management

Hybrid mechanism towards network packet early acceptance and rejection for unified threat management

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Recent network architectures utilise many types of security appliances to combat blended attacks. However, managing multiple separate security appliances can be overwhelming, inefficient and expensive. Thus, multiple security features are needed to be integrated into unified security architecture resulting in an unified threat management system (UTM). In most current UTM systems, whenever a security feature is needed, the corresponding module is just ‘attached or added on’. This approach of adding on may reduce the UTM performance dramatically, especially when security features such as IDS/IPS are enabled. In this study, a hybrid mechanism is proposed to solve UTM redundant packet classification problem. The mechanism is based on the use of splay tree filters and pattern-matching algorithms to enhance packet filtering and deep packet inspection (DPI) performance. The proposed mechanism uses network traffic statistics to dynamically optimise the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packets acceptance. The authors demonstrate the merit of their mechanism through simulations performed on firewall and snort as independent packet manipulation systems compared with the proposed hybrid mechanism that uses unified communication between them.


    1. 1)
      • 1. Aho, A.V., Corasick, M.J.: ‘Efficient string matching: an aid to bibliographic search’, Commun. ACM, 1975, 18, (6), pp. 333340.
    2. 2)
      • 2. Commentz-Walter, B.: ‘A string matching algorithm fast on the average’. Proc. ICALP, 1979, pp. 118132.
    3. 3)
      • 3. Knuth, D.: ‘The art of computer programming: semi-numerical algorithms’ (Addison-Wesley, 1997), vol. 2, 3rd edn., ISBN: 0-201-89684- 2.
    4. 4)
      • 4. Boyer, R.S., Strother Moore, J.: ‘A fast string searching algorithm’, Commun. ACM, 1977, 0, (10), pp. 76172.
    5. 5)
      • 5. Dharmapurikar, S., Krishnamurthy, P., Sproull, T.S., et al: ‘Deep packet inspection using parallel bloom filters’, IEEE Micro, 2004, 24, (1), pp. 5261.
    6. 6)
      • 6. Taylor, D.E.: ‘Survey and taxonomy of packet classification techniques’, ACM Comput. Surv., 2005, 37, (3), pp. 238275.
    7. 7)
      • 7. Fang, Y., Katz, R.H., Lakshman, T.V.: ‘Gigabit rate packet pattern-matching using TCAM’. ICNP, 2004, pp. 174183.
    8. 8)
      • 8. Hamed, H., El-Atawy, A., Al-Shaer, E.: ‘On dynamic optimization of packet matching in high-speed firewalls’, IEEE Sel J. Areas Commun., 2006, 24, (10), pp. 18171830.
    9. 9)
      • 9. Hamed, H., El-Atawy, A., Al-Shaer, E.: ‘Adaptive statistical optimization techniques for firewall packet filtering’. IEEE INFOCOM'06, April 2006.
    10. 10)
      • 10. Al-Shear, E., El-Atawy, A., Tran, T.: ‘Adaptive early packet filtering for defending firewalls against DoS attack’. Proc. IEEE INFOCOM, 2009, pp. 19.
    11. 11)
      • 11. Trabelsi, Z., Zhang, L., Zeidan, S.: ‘Packet flow histograms to improve firewall efficiency’. ICICS, December 2011.
    12. 12)
      • 12. Trabelsi, Z., Zhang, L., Zeidan, S.: ‘Dynamic rule and rule-field orders optimization for improving firewall performance and security’, IET Inf. Secur. J., 2013, 8, (4), pp. 250257.
    13. 13)
      • 13. Trabelsi, Z., Zhang, L., Zeidan, S., et al: ‘Dynamic traffic awareness statistical model for firewall performance enhancement’, Elsevier Comput. Secur., 2013, 39, pp. 160172.
    14. 14)
      • 14. Neji, N., Bouhououla, A.: ‘Dynamic scheme for packet classification using splay trees’. Inf. Assur. Secur. J., 2009, 4, pp. 133141.
    15. 15)
      • 15. Trabelsi, Z., Zeidan, S.: ‘Multilevel early packet filtering technique based on traffic statistics and splay trees for firewall performance improvement’. IEEE, ICC CISS, 2012, pp. 10741078.
    16. 16)
      • 16. Song, T., Zhang, W., Wang, D., et al: ‘A memory efficient multiple pattern matching architecture for network security’. IEEE INFOCOM 2008 Proc., 2008.
    17. 17)
      • 17. Stevens, M.: ‘UTM: one-stop protection’, Netw. Secur., 2006, 2006, (2), pp. 1214.
    18. 18)
      • 18. Qi, Y., Yang, B., Xu, B., et al: ‘Towards system-level optimization for high performance unified threat management’. Proc. Int. Conf. on Networking and Services, 2007.
    19. 19)
      • 19. Alfaro, J., Boulahia-Cuppens, N., Cuppens, F.: ‘Complete analysis of configuration rules to guarantee reliable network security policies’, Int. J. Inf. Secur., 2008, 7, (2), pp. 103122.
    20. 20)
      • 20. Waldvogel, M., Varghese, G., Turner, J., et al: ‘Scalable high speed IP routing lookups’. Proc. ACM SIGCOMM (SIGCOMM ‘97), 1997, pp. 2536.
    21. 21)
      • 21.
    22. 22)
      • 22.

Related content

This is a required field
Please enter a valid email address