Adaptive Statistical Optimization Techniques for Firewall Packet Filtering

Hamed, H.; El-Atawy, Adel; Al-Shaer, Ehab

doi:10.1109/infocom.2006.129

Cited by 63 publications

(33 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The idea of early attack packet rejection was introduced in [2, 17 and 18]. In [2], FVSC approach is proposed to optimize the rejection path in a small rule set, with low diversity of field values. PBER technique in [18] is considered as a generalization of FVSC [2] in the sense that FVSC [2] focuses only on rejection path while PBER [18] finds short cuts for both accepted and rejected packets.…”

Section: Related Workmentioning

confidence: 99%

IDS performance enhancement technique based on dynamic traffic awareness histograms

Trabelsi

Zeidan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

show abstract

Section: Related Workmentioning

confidence: 99%

IDS performance enhancement technique based on dynamic traffic awareness histograms

Trabelsi

Zeidan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…They presented techniques, algorithms and evaluation study to tackle each problem effectively [7]. K. Salah presented an analytical model to study and analyze the performance of rule based firewall.…”

Section: Related Workmentioning

confidence: 99%

Adaptive Reorientation Method for Performance Enhancement in Network Firewalls

BSubrahmanyam¹,

Varma²

2013

IJCA

View full text Add to dashboard Cite

Firewall plays a crucial role in network defense and perimeter security. The performance of such a firewall greatly depends on number of rules processed per packet and the order of the rules as well. In this paper an Adaptive Reorientation Method (ARM) was proposed, which will calculate the weight of each rule, after few cycles of traffic simulations. The rules are then reoriented according to their weights. The firewall is configured using several Access Control Lists (ACL) and using the ARM priority of the rules are calculated and are reoriented accordingly. The performance of the firewall is evaluated and compared before and after orientation.

show abstract

“…In this section, we use the basic entropy formula as described in [5], [3], to show how much skewness (predictability) exists in future data from that source. We define "the skewness factor S f of a filtering field f is a value between 0 (for a nonskewed or uniform distribution) and 1 (for a totally skewed distribution).…”

Section: A Measuring Skewness In Traffic Distributionmentioning

confidence: 99%

“…The clear difference in skewness measure of various traffic and field values between spam and benign traffic is used as fingerprinting for spambots. The skewness distribution of Internet traffic was exploited to enhance filtering in [5], [4].…”

Section: A Measuring Skewness In Traffic Distributionmentioning

confidence: 99%

Information Theoretic Approach for Characterizing Spam Botnets Based on Traffic Properties

Smith

Al-Shaer

Elbadawi

2009

2009 IEEE International Conference on Communications

Self Cite

View full text Add to dashboard Cite

In this paper, we present several novel identifying characteristics of spam-sending bots (or spambots) based on traffic statistics. We use the entropy to measure the distribution skewness for a number of traffic features including packet interdeparture time, email per recipients, rate of change in recipient list and destination domains, and inconsistency in email header information of the outgoing email traffic. We also show how we can measure the deviation in these features from benign emails traffic to decisively detect spambots. Our tool is developed to sit anonymously behind the mail server in a network, capturing SMTP data packets and analyzing the traffic while keeping all of the personal email data private and unrecoverable. Unlike content filtering, our technique is hard to evade and used to detect spam email close to the source. In addition, our technique uses online light weight calculations and can be efficiently deployed in the end-user or ISP devices as well. We evaluated our technique using about 6 million email records of real spambot traffic collected during June 2007 -June 2008. Our evaluation results show that our tool can detect spambots accurately and efficiently even with high traffic volume.

show abstract

Adaptive Statistical Optimization Techniques for Firewall Packet Filtering

Cited by 63 publications

References 18 publications

IDS performance enhancement technique based on dynamic traffic awareness histograms

IDS performance enhancement technique based on dynamic traffic awareness histograms

Adaptive Reorientation Method for Performance Enhancement in Network Firewalls

Information Theoretic Approach for Characterizing Spam Botnets Based on Traffic Properties

Contact Info

Product

Resources

About