An innovative two-stage algorithm to optimize Firewall rule ordering

Coscia, Antonio; Dentamaro, Vincenzo; Galantucci, Stefano; Maci, Antonio; Pirlo, Giuseppe

doi:10.1016/j.cose.2023.103423

Cited by 5 publications

(1 citation statement)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to filter packets, a rule designer must first develop a set of criteria against which to check and match incoming data. Since packets and rules may vary and evolve over time, this seems to be the primary filtering challenge [11,[37][38][39][40][41][42][43]. In Ref.…”

Section: State Of the Artmentioning

confidence: 99%

An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

Madhloom,

Noori,

Ebis

et al. 2023

Computers

View full text Add to dashboard Cite

Due to the Internet’s explosive growth, network security is now a major concern; as a result, tracking network traffic is essential for a variety of uses, including improving system efficiency, fixing bugs in the network, and keeping sensitive data secure. Firewalls are a crucial component of enterprise-wide security architectures because they protect individual networks from intrusion. The efficiency of a firewall can be negatively impacted by issues with its design, configuration, monitoring, and administration. Recent firewall security methods do not have the rigor to manage the vagueness that comes with filtering packets from the exterior. Knowledge representation and reasoning are two areas where fuzzy Petri nets (FPNs) receive extensive usage as a modeling tool. Despite their widespread success, FPNs’ limitations in the security engineering field stem from the fact that it is difficult to represent different kinds of uncertainty. This article details the construction of a novel packet-filtering firewall model that addresses the limitations of current FPN-based filtering methods. The primary contribution is to employ Simplified Neutrosophic Petri nets (SNPNs) as a tool for modeling discrete event systems in the area of firewall packet filtering that are characterized by imprecise knowledge. Because of SNPNs’ symbolic ability, the packet filtration model can be quickly and easily established, examined, enhanced, and maintained. Based on the idea that the ambiguity of a packet’s movement can be described by if–then fuzzy production rules realized by the truth-membership function, the indeterminacy-membership function, and the falsity-membership functional, we adopt the neutrosophic logic for modelling PN transition objects. In addition, we simulate the dynamic behavior of the tracking system in light of the ambiguity inherent in packet filtering by presenting a two-level filtering method to improve the ranking of the filtering rules list. Results from experiments on a local area network back up the efficacy of the proposed method and illustrate how it can increase the firewall’s susceptibility to threats posed by network traffic.

show abstract