This article is dedicated to the analysis list of a set of rules to traffic filtering, which is a multi-dimensional structure, where each dimension is a set of networking field or the field of action, measuring the cost of the rules to traffic filtering on computer networks, allowing to determine the difference between definition of the rules and the control of the packet fields. Furthermore, the article were considered a hierarchical model to optimize traffic filtering, which reduces the

more »

... ad traffic filtering rules and provides the semantic integrity of the original set of rules to traffic filtering. The hierarchical structure of the design and optimization of traffic filtering was researched. And also was developed the hierarchical approach to optimize traffic filtering for reducing set of rules traffic filtering. Analyzed the algorithm optimal solutions and algorithm of random search filters that, allowing you to find the shortest way to a set of rules to traffic filtering. Moreover, in this article was presented the effectiveness evaluation of the process accelerating traffic filtering proposed by HAOTF. Keywords Traffic Filtering, Hierarchical Structure, Model, HAOTF, Heuristic Method * Corresponding author. K. M. Malikovich et al. 69 pology and bandwidth demand, traffic filtering becomes a vulnerable point. All these factors create a demand for the most efficient, high-performance, affordable and reliable traffic filtering in Firewalls. Nowadays, Firewall enforces security policy with a set of multi-dimensional traffic filtering rules. Information security policy in networks is a very important task to speed up traffic filtering. In addition, with the increase in capacity of existing networks for processing and forwarding traffic at extremely high speed, Firewalls are very limited resources. Thus, the main objective is to overcome the drawbacks of the current traffic filtering and enhance their ability to dynamic changes in the load and network topology, especially in attack. The main objective of these rules to maintain the semantic integrity policy established at each level of hierarchical models. List a Set of Traffic Filtering Rules Security rule is a multidimensional structure, where each dimension is a set of network fields or field of action. A set of rules defines a security policy that traffic filtering. Rules define by a set of IP-source address and a set of destination IP-address a variety of service types and fields of action. The type of service usually includes a main type of protocol and port number. Field of action can either accept or refuse or direct. Take action allows access packet in a secure domain. Disclaimer action causes the packet, in violation of security policy. Formal rules R can be represented as: