TY - JOUR
T1 - Hybrid mechanism towards network packet early acceptance and rejection for unified threat management
AU - Trabelsi, Zouheir
AU - Zeidan, Safaa
AU - Masud, Mohammad M.
N1 - Publisher Copyright:
© The Institution of Engineering and Technology 2016.
PY - 2017/3/1
Y1 - 2017/3/1
N2 - Recent network architectures utilise many types of security appliances to combat blended attacks. However, managing multiple separate security appliances can be overwhelming, inefficient and expensive. Thus, multiple security features need to be integrated into a unified security architecture, resulting in a unified threat management (UTM) system. In most current UTM systems, whenever a security feature is needed, the corresponding module is just 'attached or added on'. This add-on approach may reduce UTM performance dramatically, especially when security features such as IDS/IPS are enabled. In this study, a hybrid mechanism is proposed to solve the UTM redundant packet classification problem. The mechanism is based on the use of splay tree filters and pattern-matching algorithms to enhance packet filtering and deep packet inspection (DPI) performance. The proposed mechanism uses network traffic statistics to dynamically optimise the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packet acceptance. The authors demonstrate the merit of their mechanism through simulations performed on a firewall and Snort as independent packet manipulation systems, compared with the proposed hybrid mechanism that uses unified communication between them.
AB - Recent network architectures utilise many types of security appliances to combat blended attacks. However, managing multiple separate security appliances can be overwhelming, inefficient and expensive. Thus, multiple security features need to be integrated into a unified security architecture, resulting in a unified threat management (UTM) system. In most current UTM systems, whenever a security feature is needed, the corresponding module is just 'attached or added on'. This add-on approach may reduce UTM performance dramatically, especially when security features such as IDS/IPS are enabled. In this study, a hybrid mechanism is proposed to solve the UTM redundant packet classification problem. The mechanism is based on the use of splay tree filters and pattern-matching algorithms to enhance packet filtering and deep packet inspection (DPI) performance. The proposed mechanism uses network traffic statistics to dynamically optimise the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packet acceptance. The authors demonstrate the merit of their mechanism through simulations performed on a firewall and Snort as independent packet manipulation systems, compared with the proposed hybrid mechanism that uses unified communication between them.
UR - http://www.scopus.com/inward/record.url?scp=85014731209&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85014731209&partnerID=8YFLogxK
U2 - 10.1049/iet-ifs.2015.0246
DO - 10.1049/iet-ifs.2015.0246
M3 - Article
AN - SCOPUS:85014731209
SN - 1751-8709
VL - 11
SP - 104
EP - 113
JO - IET Information Security
JF - IET Information Security
IS - 2
ER -