Yuzhu Cheng scite author profile

To solve the problem of ambiguous attribute selection in existing decision tree classification algorithms, a decision tree construction method based on information entropy, PCMIgr, is proposed. PCMIgr is a heuristic method based on greedy strategy. At each decision tree node, when it is necessary to select classification attributes for division, the attribute with the highest information gain ratio is selected. The main innovation of this method is that the attribute selection in the traditional classification method based on decision tree is optimized, and the classification efficiency of the constructed decision tree is improved compared with that before optimization. At the same time, the decision tree ensures that each leaf node is only associated with one rule, which avoids the common problem of "rule replication" in the process of traditional decision tree construction, and effectively saves memory and calculation time. The experimental results show that the application of this method to the construction of classification decision tree can further improve the efficiency of packet classification method based on decision tree, and can be applied to high-speed real-time packet classification.

show abstract

A watermarking scheme for natural language documents

Cheng

2010

View full text Add to dashboard Cite

FPC: A new approach to firewall policies compression

Cheng

Wang

et al. 2019

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

Firewalls are crucial elements that enhance network security by examining the field values of every packet and deciding whether to accept or discard a packet according to the firewall policies. With the development of networks, the number of rules in firewalls has rapidly increased, consequently degrading network performance. In addition, because most real-life firewalls have been plagued with policy conflicts, malicious traffics can be allowed or legitimate traffics can be blocked. Moreover, because of the complexity of the firewall policies, it is very important to reduce the number of rules in a firewall while keeping the rule semantics unchanged and the target firewall rules conflict-free. In this study, we make three major contributions. First, we present a new approach in which a geometric model, multidimensional rectilinear polygon, is constructed for the firewall rules compression problem. Second, we propose a new scheme, Firewall Policies Compression (FPC), to compress the multidimensional firewall rules based on this geometric model. Third, we conducted extensive experiments to evaluate the performance of the proposed method. The experimental results demonstrate that the FPC method outperforms the existing approaches, in terms of compression ratio and efficiency while maintaining conflict-free firewall rules.

show abstract

MpFPC–A Parallelization Method for Fast Packet Classification

Cheng

Shi

2022

IEEE Access

View full text Add to dashboard Cite

Packet classification is the core technology of network layer and an important means to ensure the security of network system. With the rapid development of network technology, higher requirements are put forward for the speed of network packet classification. This paper improves the traditional single thread package classification framework, A new parallelization method for fast packet classification (MpFPC) based on distributed computing is proposed, the method adopts the packet classification idea based on decision tree, but compared with the traditional algorithm, a rule mapping preprocessing process is added before constructing the classification decision tree, which effectively removes the rule redundancy and conflict, so as to avoid the rule replication problem of the traditional decision-tree-based method. In addition, the method can group the rules and data packets at the same time, which improves the packet classification efficiency. Experimental results show that MpFPC method has high classification efficiency and has obvious speed advantage compared with Uscuts method with time complexity of O(klogn). In addition, the test results also show that the classification speed of MpFPC will increase with the increasing number of computing nodes, which provides a new possible way to meet the classification wire-speed requirement.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yuzhu Cheng

A new approach to designing firewall based on multidimensional matrix

PCMIgr: a fast packet classification method based on information gain ratio

A watermarking scheme for natural language documents

FPC: A new approach to firewall policies compression

MpFPC–A Parallelization Method for Fast Packet Classification

Contact Info

Product

Resources

About