Using online traffic statistical matching for optimizing packet filtering performance

Packet classification plays a critical role in many of the current networking technologies, and efficient yet lightweight packet classification techniques are highly crucial for their successful deployment. Most of the current packet classification techniques exploit the characteristics of classification policies, without considering the traffic behavior in optimizing their search data structures. In this paper, we present novel techniques that utilize traffic characteristics coupled with careful analysis of the policy to obtain adaptive methods that can accommodate varying traffic statistics while maintaining a high throughput. The first technique uses segmentation of the traffic space to achieve disjoint subsets of traffic properties and build bounded depth Huffman trees using the statistics collected for these segments. The second technique simplifies the structure maintenance by keeping the segments ordered in a most-recently-used (MRU) list instead of a tree. The techniques are evaluated and their performance are compared. Moreover, attacks targeting the firewall performance are discussed and corresponding protection schemes are presented.