基于密码杂凑函数的安全规则匹配优化算法

随着防火墙、入侵防御系统等网络安全规则数目的快速增长，规则匹配效率成为影响网络安全设备性能的一个瓶颈。基于密码杂凑算法的随机性、低碰撞性等良好特性，设计了一种用于防火墙等网络安全设备的安全规则匹配算法。通过调整密码杂凑算法轮数、存储空间大小等参数，达到存储空间资源占用与实现效率的平衡。分析了规则数目、存储空间大小和发生碰撞概率之间的关系，以及软硬件实现的速度。该方案比以前的简单哈希算法碰撞概率低，适用于高性能防火墙等网络安全设备的性能优化和效率提升。

Optimized Security Rules Matching Algorithm Based on Cryptographic Hash Function

With the rapid progress of firewalls， intrusion protection systems and other network security systems， the efficiency of security rules matching has been a crucial bottleneck of network security devices’ performance. Based on the randomness and collision resistance property of cryptographic hash algorithms， we propose an optimized security rules matching algorithm for network security devices such as firewalls. By adjusting the parameters such as the number of rounds in SM3 hash algorithm and the size of storage space， we can achieve a balance of storage space and computational efficiency. The relation of the number of security rules， the size of storage space and the probability of collisions are analyzed. This algorithm has a lower collision probability and better randomness than the previous simple hash algorithms. This algorithm can be used to improve the performance and implementation efficiency of network security devices such as firewalls.