Design a Security Firewall Policy to Filter Incoming Traffic in Packet Switched Networks Using Classification Methods

Shirin Bateni, Ali Asghar Khavasi


Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires to overcome and filter a range of special attacks or issues in network. In this paper, we present a machine learning based algorithm that filter Denial of Service (DoS) attacks in networks. This filtering algorithm has been designed by using a classification algorithm based on principal component and correlation based filters. We show good quality and performance of our algorithm experimentally by executing our algorithm on a several packet flow data sets.


Firewall. Denial of service attacks. Machine learning. Classification.

Full Text:



Al-Shaer, E. (2014). Classification and Discovery of Firewalls Policy Anomalies Automated Firewall Analytics (pp. 1-24): Springer.

Alcock, S., Lorier, P., & Nelson, R. (2012). Libtrace: a packet capture and analysis library. ACM SIGCOMM Computer Communication Review, 42(2), 42-48.

Antikainen, M., Aura, T., & Särelä, M. (2014). Denial-of-service attacks in Bloom-filter-based forwarding. IEEE/ACM Transactions on Networking (TON), 22(5), 1463-1476.

Bogdanoski, M., Suminoski, T., & Risteski, A. (2013). Analysis of the SYN Flood DoS Attack. International Journal of Computer Network and Information Security (IJCNIS), 5(8), 1-11.

Brownlee, N., Mills, C., & Ruth, G. (1999). Traffic flow measurement: Architecture. Traffic.

Brownlee, N., Mills, C., & Ruth, G. (1999). Traffic flow measurement: architecture (RFC 2722). Outubro.

Callado, A., Kamienski, C., Szabó, G., Gerö, B. P., Kelner, J., Fernandes, S., & Sadok, D. (2009). A survey on internet traffic identification. Communications Surveys & Tutorials, IEEE, 11(3), 37-52.

Cireşan, D., Meier, U., Masci, J., & Schmidhuber, J. (2012). Multi-column deep neural network for traffic sign classification. Neural Networks, 32, 333-338.

Darwish, M., Ouda, A., & Capretz, L. F. (2013). Cloud-based DDoS attacks and defenses. Paper presented at the Information Society (i-Society), 2013 International Conference on.

Eckhardt, J., Mühlbauer, T., AlTurki, M., Meseguer, J., & Wirsing, M. (2012). Stable availability under denial of service attacks through formal patterns Fundamental Approaches to Software Engineering (pp. 78-93): Springer.

Fiandrotti, A., Gaeta, R., & Grangetto, M. (2015). Simple Countermeasures to Mitigate the Effect of Pollution Attack in Network Coding-Based Peer-to-Peer Live Streaming. Multimedia, IEEE Transactions on, 17(4), 562-573.

Group, W. N. R. WITS: Waikato Internet Traffic Storage.

Hadi, A. D. A., Azmat, F. H., & Ali, F. H. M. (2013). IDS Using Mitigation Rules Approach to Mitigate ICMP Attacks. Paper presented at the Advanced Computer Science Applications and Technologies (ACSAT), 2013 International Conference on.

Jun, J.-H., Kim, M.-J., Cho, J.-H., Ahn, C.-W., & Kim, S.-H. (2014). Detection Method of Distributed Denial-of-Service Flooding Attacks Using Analysis of Flow Information. The Journal of The Institute of Internet, Broadcasting and Communication, 14(1), 203-209.

Kazantzidis, M., Gerla, M., & Lee, S. (2001). RFC 3697: Permissible throughput network for adaptative multimedia in AODV MANETs. Paper presented at the IEEE ICC 2001.

Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39-53.

Pelechrinis, K., Iliofotou, M., & Krishnamurthy, S. V. (2011). Denial of service attacks in wireless networks: The case of jammers. Communications Surveys & Tutorials, IEEE, 13(2), 245-257.

Rajahalme, J., Amante, S., Jiang, S., & Carpenter, B. (2011). IPv6 flow label specification.

Sheth, C., Thakker, R. A., Rahman, H., Abdullah, L., Joshi, R., Singh, M., . . . Vijayakumar, T. (2014). Performance Optimization of Network Firewalls by Rulebase Reordering based on Traffic Conditions. International Journal Of Computer Science And Network Solutions.

Timofte, R., Zimmermann, K., & Van Gool, L. (2014). Multi-view traffic sign detection, recognition, and 3d localisation. Machine Vision and Applications, 25(3), 633-647.

Van Raamsdonk, M. (2014). Evaporating firewalls. Journal of High Energy Physics, 2014(11), 1-16.

Yu, L., & Liu, H. (2003). Feature selection for high-dimensional data: A fast correlation-based filter solution. Paper presented at the ICML.

Zaklouta, F., & Stanciulescu, B. (2014). Real-time traffic sign recognition in three stages. Robotics and autonomous systems, 62(1), 16-24.


Copyright (c) 2016 Ciencia & Natura

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.