Abstract—With the rapid development of the Internet, network security has become an important issue, and monitoring network traffic is necessary for purposes such as system performance, network debugging and/or information security. As a major measure for implementing enterprise security, the firewall technique ensures the security of local networks. Traditional firewall technologies have weaknesses in architecture, configuration, monitoring and management that affect firewall performance. Furthermore, they lack the ability to deal with the vagueness and uncertainty associated with filtering packets from outside. The architecture of a new kind of firewall, the intelligence firewall, is presented in this paper. The main contribution is to utilize the Fuzzy Petri Net as a tool for modeling discrete event systems characterized by imprecise knowledge. The graphical power of Petri Nets makes the packet filtering model easy to design, test, improve and maintain. Another contribution is a 2-level fuzzy filtering algorithm that enhances the ordering of the filtering rules list and permits us to model the dynamic behavior of the monitoring system with respect to the uncertainty associated with packet filtering. Experimental results for a local network are given, which show the effectiveness of the suggested approach and demonstrate the enhancement of the firewall's sensitivity to the risk coming from network traffic.
Index Terms—Firewall, fuzzy Petri net, packet filtering, access control list (ACL).
Ali A. Ali is with the Iraqi Commission for Computers and Informatics, Department of Computer, Ministry of Higher Education and Scientific Research, Iraq (e-mail: firstname.lastname@example.org).
Saad M. Darwish and Shawkat K. Guirguis are with the Department of Information Technology, Institute of Graduate Studies and Research, Alexandria University, 163 Horreya Avenue, El-Shatby 21526, P.O. Box 832, Alexandria, Egypt (e-mail: email@example.com, Shawkat_g@yahoo.com).
Cite: Ali A. Ali, Saad M. Darwish, and Shawkat K. Guirguis, "An Approach for Improving Performance of a Packet Filtering Firewall Based on Fuzzy Petri Net," Journal of Advances in Computer Networks, vol. 3, no. 1, pp. 67-74, 2015.