Hybrid mechanism towards network packet early acceptance and rejection for unified threat management

IET Information Security

Recent network architectures utilise many types of security appliances to combat blended attacks. However, managing multiple separate security appliances can be overwhelming, inefficient and expensive. Thus, multiple security features need to be integrated into a unified security architecture, resulting in a unified threat management (UTM) system. In most current UTM systems, whenever a security feature is needed, the corresponding module is just ‘attached or added on’. This add-on approach may reduce UTM performance dramatically, especially when security features such as IDS/IPS are enabled. In this study, a hybrid mechanism is proposed to solve the UTM redundant packet classification problem. The mechanism is based on the use of splay tree filters and pattern-matching algorithms to enhance packet filtering and deep packet inspection (DPI) performance. The proposed mechanism uses network traffic statistics to dynamically optimise the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packet acceptance. The authors demonstrate the merit of their mechanism through simulations performed on a firewall and Snort as independent packet manipulation systems, compared with the proposed hybrid mechanism that uses unified communication between them.
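The statistics-driven filter ordering described in the abstract can be sketched as follows. This is an added example, not code from the paper: it covers only the early-rejection side, uses Python sets where the paper uses splay trees, and every name, rule and packet in it is constructed for illustration.

```python
FIELDS = ("proto", "dport", "src_net")

# Constructed allow-list policy and traffic window (assumptions, not from the paper).
RULES = {("tcp", 443, "10.0."), ("tcp", 22, "10.0."), ("udp", 53, "10.1.")}
TRAFFIC = (
    [{"proto": "tcp", "dport": 443, "src_net": "203.0."}] * 8    # unknown source
    + [{"proto": "tcp", "dport": 443, "src_net": "10.0."}] * 2   # permitted
    + [{"proto": "udp", "dport": 9999, "src_net": "10.1."}]      # unknown port
)

class FieldFilter:
    """Every value one header field takes in the policy. A packet whose value
    is absent can match no rule, so it is rejected without a rule scan."""
    def __init__(self, name, values):
        self.name, self.values, self.rejects = name, set(values), 0

    def passes(self, pkt):
        ok = pkt[self.name] in self.values
        self.rejects += not ok           # per-filter traffic statistic
        return ok

def build_filters(rules=RULES):
    return [FieldFilter(n, {r[i] for r in rules}) for i, n in enumerate(FIELDS)]

def classify(pkt, filters, rules=RULES):
    """Return (verdict, number of filter checks spent on this packet)."""
    for n, f in enumerate(filters, 1):
        if not f.passes(pkt):
            return "reject", n           # early rejection
    # Each field value occurs in some rule; only the full rule lookup decides.
    hit = tuple(pkt[f] for f in FIELDS) in rules
    return ("accept" if hit else "reject"), len(filters)

def reorder(filters):
    """Move the filter that rejected the most traffic to the front."""
    filters.sort(key=lambda f: f.rejects, reverse=True)
    for f in filters:
        f.rejects = 0                    # start a fresh statistics window

def replay(traffic, filters):
    """Return (verdicts, total filter checks) for one traffic window."""
    results = [classify(p, filters) for p in traffic]
    return [v for v, _ in results], sum(n for _, n in results)

if __name__ == "__main__":
    filters = build_filters()
    verdicts_before, cost_before = replay(TRAFFIC, filters)
    reorder(filters)
    verdicts_after, cost_after = replay(TRAFFIC, filters)
    print(cost_before, cost_after, verdicts_before == verdicts_after)
```

Because a packet must pass every filter, changing the filter order changes only the cost of a verdict, never the verdict itself. The counters are collected under short-circuit evaluation, so a filter placed late sees only the packets that earlier filters let through.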

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0246