Optimization of Parallel Firewalls Filtering Rules

Hadjadj, Taha Elamine; Tebourbi, Rim; Bouhoula, Adel; Ksantini, Riadh

doi:10.23919/softcom.2019.8903718

Cited by 5 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the ACN is considered a valuable factor for anomaly detection from a rule's definition perspective. Similar anomalies may be distinguishable by the absence of the OpCode value and numbering plan alterations for attacking subscribers [34]. From Fig.…”

Section: Detect Malformed and Inconsistency In Parameters Between Layers A Using Malformed Parameters Check Rulementioning

confidence: 64%

“…Recommendations and evidence to date show that using the MAP OpCode alone is sufficient to apply rules to such MAP messages. However, it is anticipated that the ACN may provide the environment to carry out different attacks by malformed it or even removing it from the message parameters [34]. Therefore, the ACN is considered a valuable factor for anomaly detection from a rule's definition perspective.…”

Section: Detect Malformed and Inconsistency In Parameters Between Layers A Using Malformed Parameters Check Rulementioning

confidence: 99%

“…Parallelization, known as load balancing firewalls, is an architecture that allows packet inspection under high traffic loads and speeds. Parallel firewall designs are used to cater to multiple attacks happening simultaneously [34]. The proposed model using the feature set proposed as illustrated in Tab.…”

Section: Phase 4-anomaly Detection and Anomaly Blocking Alertmentioning

confidence: 99%

See 2 more Smart Citations

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Afzal¹,

Murugesan²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

The global Signalling System No. 7 (SS7) network protocol standard has been developed and regulated based only on trusted partner networks. The SS7 network protocol by design neither secures the communication channel nor verifies the entire network peers. The SS7 network protocol used in telecommunications has deficiencies that include verification of actual subscribers, precise location, subscriber's belonging to a network, absence of illegitimate message filtering mechanism, and configuration deficiencies in home routing networks. Attackers can take advantage of these deficiencies and exploit them to impose threats such as subscriber or network data disclosure, intercept mobile traffic, perform account frauds, track subscriber location, and deny services. Existing methods are unable to identify suspicious hosts as they use a minimal number of network parameters. So, there is a vital need to overcome these deficiencies to detect the abnormal behaviour of users and hence mitigate security attacks in a mobile network. This research proposes a model for anomaly detection in mobile networks based on Rule-based filtering with stateful correlation. The performance of the proposed method is evaluated using synthetic datasets. Results show that the proposed anomaly detection model performs 0.37% better in terms of security attack detection rate, 24.25% better in terms of false alarm rate, and 31.45% better in terms of true positive rate when compared with the existing pattern recognition Artificial Neural Network (ANN) algorithm.

show abstract

Section: Detect Malformed and Inconsistency In Parameters Between Layers A Using Malformed Parameters Check Rulementioning

confidence: 64%

Section: Detect Malformed and Inconsistency In Parameters Between Layers A Using Malformed Parameters Check Rulementioning

confidence: 99%

Section: Phase 4-anomaly Detection and Anomaly Blocking Alertmentioning

confidence: 99%

See 1 more Smart Citation

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Afzal¹,

Murugesan²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…In [24] a similar architecture was proposed focusing on fault-tolerant implementation and algorithms for load distribution. Finally, in [25] a technique was described to distribute both rules and packets among parallel firewalls while maintaining the network security integrity. This solution first preprocesses rules to eliminate their dependencies and translates the firewall sequence to include only accept actions.…”

Section: ) Parallel Architecturesmentioning

confidence: 99%

“…Intra-firewall contributions appeared in the literature include, for instance, (optimal) rule ordering [14]- [18], firewall compression [19], [20] and rule analysis [21], [22]. Interfirewall alternatives are frequently based on special architectures such as parallel firewalls [23]- [25]; another approach leverages the transfer of filtering rules among firewalls located in the same network [26], [27].…”

Section: Introductionmentioning

confidence: 99%