A Simple Traffic Aware Algorithm To Improve Firewall Performance
Anirudhan Sudarsan, Priya Ayyappan, Ajay Krishna Vasu, Ashwin Ganesh, Vanaja Gokul
Pages - 118 - 132     |    Revised - 07-10-2014     |    Published - 10-11-2014
Volume - 6   Issue - 6    |    Publication Date - November 2014
KEYWORDS
Firewall, Packet Filter, Access Control List, Rule Ordering, Traffic Characteristics.
ABSTRACT
Firewalls play an extremely important role in today’s networks. They are present in almost every corporate network across the globe and serve to protect such networks from unauthorized access. The firewall is most commonly implemented as a packet filter. The packet filter works by comparing incoming packets against a set of predefined rules called an access control list (ACL). It is vital to improve the performance of packet filtering firewalls as much as possible. With a few exceptions, research in this area has not focused on utilizing traffic characteristics to improve the performance of packet filters. In this paper, we propose a simple algorithm that exploits traffic behavior by utilizing incoming traffic statistics to dynamically modify rule ordering in access control lists. As a result, repeated packets, or multiple packets from the same source, require fewer comparisons before a rule is matched. When the proposed work was tested using both a simulated firewall and simulated traffic, the performance of the firewall showed considerable improvement.
Mr. Anirudhan Sudarsan
Sri Venkateswara College of Engineering - India
anirudhan.sudarsan@gmail.com
Miss Priya Ayyappan
Sri Venkateswara College of Engineering - India
Mr. Ajay Krishna Vasu
Sri Venkateswara College of Engineering - India
Mr. Ashwin Ganesh
Sri Venkateswara College of Engineering - India
Mr. Vanaja Gokul
Sri Venkateswara College of Engineering - India

