Design a Security Firewall Policy to Filter Incoming Traffic in Packet Switched Networks Using Classification Methods
DOI:
https://doi.org/10.5902/2179460X21530
Keywords:
Firewall. Denial of service attacks. Machine learning. Classification.
Abstract
Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires overcoming and filtering a range of special attacks or issues in the network. In this paper, we present a machine-learning-based algorithm that filters Denial of Service (DoS) attacks in networks. This filtering algorithm has been designed using a classification algorithm based on principal component and correlation-based filters. We show the good quality and performance of our algorithm experimentally by executing it on several packet flow data sets.