TY - JOUR
T1 - Dynamic traffic awareness statistical model for firewall performance enhancement
AU - Trabelsi, Zouheir
AU - Zhang, Liren
AU - Zeidan, Safaa
AU - Ghoudi, Kilani
N1 - Funding Information:
The authors acknowledge the support of NRF Foundation through research grant no. 21T023 and Emirates Foundation through research grant no. 2011/161.
PY - 2013
Y1 - 2013
AB - Firewalls are considered to be among the most important security components in today's IP network architectures. Firewall performance has a significant impact on overall network performance. In this paper, we propose a mechanism to improve firewall performance using network traffic behavior and packet filtering statistics. Upon satisfying a certain threshold qualification (Chi-square test), the proposed mechanism optimizes the filtering rule order and the corresponding rule-field order according to the divergence of the traffic behavior. That is, if the firewall system is stable, the current filtering rule and/or rule-field orders are kept for filtering the next network traffic window; otherwise, the filtering rule and/or rule-field orders are updated before filtering the next network traffic window. The numerical results obtained by simulation demonstrate that the proposed mechanism significantly improves firewall performance in terms of cumulative packet processing time, even for small security policies. This improvement results from minimizing the overhead associated with the frequency of updating the rule/field structures, as well as from using the optimum traffic window size.
KW - Chi-square test
KW - Filtering rule order
KW - Firewall performance
KW - Packet filtering
KW - Rule-fields order
KW - System stability
KW - Window size
UR - http://www.scopus.com/inward/record.url?scp=84888867832&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888867832&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2013.07.001
DO - 10.1016/j.cose.2013.07.001
M3 - Article
AN - SCOPUS:84888867832
SN - 0167-4048
VL - 39
SP - 160
EP - 172
JO - Computers and Security
JF - Computers and Security
IS - PART B
ER -