An Approach for Improving Performance of a Packet Filtering Firewall Based on Fuzzy Petri Net
Journal of Advances in Computer Networks
With the rapid development of the Internet, network security has become an important issue, and monitoring network traffic is necessary for purposes such as system performance, network debugging and/or information security. As a major measure for implementing enterprise security, firewall techniques ensure the security of local networks. Traditional firewall technologies have their own weaknesses in architecture, configuration, monitoring and management that affect to ... all performance. Furthermore, they fail to deal with the vagueness and uncertainty associated with filtering packets from outside. This paper presents the architecture of a new kind of firewall, the intelligence firewall. The main contribution is the use of a Fuzzy Petri Net as a tool for modeling discrete event systems characterized by imprecise knowledge. The graphical power of Petri Nets makes the packet filtering model easy to design, test, improve and maintain. Another contribution is a 2-level fuzzy filtering algorithm that enhances the ordering of the filtering rules list and permits us to model the dynamic behavior of the monitoring system with respect to the uncertainty associated with packet filtering. Experimental results for a local network are given, which show the effectiveness of the suggested approach and demonstrate the enhancement of the firewall's sensitivity to the risk coming from network traffic.

Index Terms: Firewall, fuzzy Petri net, packet filtering, access control list (ACL).