Proposed Multi-Layer Firewall to Improve the Security of Software Defined Networks

Hussein, Mohammed AbdulRidha

doi:10.3991/ijim.v17i02.36387

Cited by 5 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The benefits of packet filtering firewalls as a network security solution are their low complexity, low cost, high speed, low resource consumption, predictability, and determinism. However, it has drawbacks, such as being ineffective against modern attacks, being vulnerable to spoofing, being unable to make decisions based on application or authentication, and rule lists growing too large to manage [63]. Existing packet classification methods still have issues with poor classification performance and huge storage space despite the fact that a lot of research has been conducted in this field.…”

Section: Methodsmentioning

confidence: 99%

An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

Madhloom,

Noori,

Ebis

et al. 2023

Computers

View full text Add to dashboard Cite

Due to the Internet’s explosive growth, network security is now a major concern; as a result, tracking network traffic is essential for a variety of uses, including improving system efficiency, fixing bugs in the network, and keeping sensitive data secure. Firewalls are a crucial component of enterprise-wide security architectures because they protect individual networks from intrusion. The efficiency of a firewall can be negatively impacted by issues with its design, configuration, monitoring, and administration. Recent firewall security methods do not have the rigor to manage the vagueness that comes with filtering packets from the exterior. Knowledge representation and reasoning are two areas where fuzzy Petri nets (FPNs) receive extensive usage as a modeling tool. Despite their widespread success, FPNs’ limitations in the security engineering field stem from the fact that it is difficult to represent different kinds of uncertainty. This article details the construction of a novel packet-filtering firewall model that addresses the limitations of current FPN-based filtering methods. The primary contribution is to employ Simplified Neutrosophic Petri nets (SNPNs) as a tool for modeling discrete event systems in the area of firewall packet filtering that are characterized by imprecise knowledge. Because of SNPNs’ symbolic ability, the packet filtration model can be quickly and easily established, examined, enhanced, and maintained. Based on the idea that the ambiguity of a packet’s movement can be described by if–then fuzzy production rules realized by the truth-membership function, the indeterminacy-membership function, and the falsity-membership functional, we adopt the neutrosophic logic for modelling PN transition objects. In addition, we simulate the dynamic behavior of the tracking system in light of the ambiguity inherent in packet filtering by presenting a two-level filtering method to improve the ranking of the filtering rules list. Results from experiments on a local area network back up the efficacy of the proposed method and illustrate how it can increase the firewall’s susceptibility to threats posed by network traffic.

show abstract

Section: Methodsmentioning

confidence: 99%

An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

Madhloom,

Noori,

Ebis

et al. 2023

Computers

View full text Add to dashboard Cite

show abstract

“…Act as a first line of defense by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules [96]. They help prevent unauthorized access and protect against external threats [97]- [100].…”

Section: Firewallsmentioning

confidence: 99%

Organizational information security threats: Status and challenges

Bernard Oloo Akello

2024

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Organizational information security is a critical concern in today’s interconnected and data-driven world. With the increasing frequency and sophistication of cyber threats, organizations face significant risks to the confidentiality, integrity, and availability of their sensitive information. This paper provides an overview of the key aspects and challenges related to organizational information security. It highlights the importance of implementing robust security measures, such as firewalls, intrusion detection systems, encryption technologies, and secure coding practices, to protect against external threats. It also demonstrates the need for continuous monitoring, threat intelligence sharing, and incident response capabilities to detect and respond to security incidents effectively. This survey shows importance of user awareness, training, and adherence to security policies and procedures. In addition, the significance of establishing a security-centric culture within organizations to mitigate the risk of insider threats and promote a strong security posture is discussed. The evolving threat landscape, including challenges associated with advanced persistent threats, zero-day vulnerabilities, and the security of emerging technologies such as IoT and AI are highlighted, together with the need for ongoing research and innovation to address these challenges and enhance the effectiveness of preventive measures.

show abstract

“…3 . NF misleading attack: The packet can be used by a switch or VNF that has been compromised, modifying capabilities to trick the security services and let outside malicious traffic into the network 9 . The misleading attack by the NF is depicted in Fig.…”

Section: Introductionmentioning

confidence: 99%

Developing an SDN security model (EnsureS) based on lightweight service path validation with batch hashing and tag verification

Pradeep,

Sharma,

Lilhore

et al. 2023

Sci Rep

View full text Add to dashboard Cite

Software-defined networking (SDN) has significantly transformed the field of network management through the consolidation of control and provision of enhanced adaptability. However, this paradigm shift has concurrently presented novel security concerns. The preservation of service path integrity holds significant importance within SDN environments due to the potential for malevolent entities to exploit network flows, resulting in a range of security breaches. This research paper introduces a model called "EnsureS", which aims to enhance the security of SDN by proposing an efficient and secure service path validation approach. The proposed approach utilizes a Lightweight Service Path Validation using Batch Hashing and Tag Verification, focusing on improving service path validation's efficiency and security in SDN environments. The proposed EnsureS system utilizes two primary techniques in order to validate service pathways efficiently. Firstly, the method utilizes batch hashing in order to minimize computational overhead. The proposed EnsureS algorithm enhances performance by aggregating packets through batches rather than independently; the hashing process takes place on each one in the service pathway. Additionally, the implementation of tag verification enables network devices to efficiently verify the authenticity of packets by leveraging pre-established trust relationships. EnsureS provides a streamlined and effective approach for validating service paths in SDN environments by integrating these methodologies. In order to assess the efficacy of the Proposed EnsureS, a comprehensive series of investigations were conducted within a simulated SDN circumstance. The efficacy of Proposed EnsureS was then compared to that of established methods. The findings of our study indicate that the proposed EnsureS solution effectively minimizes computational overhead without compromising on the established security standards. The implementation successfully reduces the impact of different types of attacks, such as route alteration and packet spoofing, increasing SDN networks' general integrity.

show abstract

Proposed Multi-Layer Firewall to Improve the Security of Software Defined Networks

Cited by 5 publications

References 20 publications

An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

Organizational information security threats: Status and challenges

Developing an SDN security model (EnsureS) based on lightweight service path validation with batch hashing and tag verification

Contact Info

Product

Resources

About