This is an Open Access publication published under CSC-OpenAccess Policy.
A Simple Traffic Aware Algorithm To Improve Firewall Performance
Anirudhan Sudarsan, Priya Ayyappan, Ajay Krishna Vasu, Ashwin Ganesh, Vanaja Gokul
Pages - 118 - 132     |    Revised - 07-10-2014     |    Published - 10-11-2014
Volume - 6   Issue - 6    |    Publication Date - November 2014
KEYWORDS
Firewall, Packet Filter, Access Control List, Rule Ordering, Traffic Characteristics.
ABSTRACT
Firewalls play an extremely important role in today’s networks. They are present in almost every corporate network across the globe and serve to protect such networks from unauthorized access. The firewall is most commonly implemented as a packet filter. The packet filter works by comparing incoming packets against a set of predefined rules called an access control list (ACL). It is vital to improve the performance of packet filtering firewalls as much as possible. With few exceptions, research in this area has not focused on utilizing traffic characteristics to improve the performance of packet filters. In this paper, we propose a simple algorithm that exploits traffic behavior by using incoming traffic statistics to dynamically modify rule ordering in access control lists. Hence repeated packets, or multiple packets from the same source, require fewer comparisons before a rule is matched. When the proposed work was tested using both a simulated firewall and simulated traffic, the performance of the firewall showed considerable improvement.
Mr. Anirudhan Sudarsan
Sri Venkateswara College of Engineering - India
anirudhan.sudarsan@gmail.com
Miss Priya Ayyappan
Sri Venkateswara College of Engineering - India
Mr. Ajay Krishna Vasu
Sri Venkateswara College of Engineering - India
Mr. Ashwin Ganesh
Sri Venkateswara College of Engineering - India
Mr. Vanaja Gokul
Sri Venkateswara College of Engineering - India