Proactive Security Mechanism and Design for Firewall
Saleem-Ullah Lar, Xiaofeng Liao, Aqeel ur Rehman, MA Qinglu
DOI: 10.4236/jis.2011.23012   PDF   HTML     6,789 Downloads   12,569 Views   Citations


In this paper we have present the architecture and module for internet firewall. The central component is fuzzy controller while properties of packets are fuzzified as inputs. On the basis of proposed fuzzy security algorithm, we have figured out security level of each packet and adjust according to packets dynamic states. Internet firewall can respond to these dynamics and take respective actions accordingly. Therefore, proactive firewall solves the conflict between speed and security by providing high performance and high security. Simulation shows that if the response value is in between 0.7 and 1 it belongs to high security.

Share and Cite:

S. Lar, X. Liao, A. Rehman and M. Qinglu, "Proactive Security Mechanism and Design for Firewall," Journal of Information Security, Vol. 2 No. 3, 2011, pp. 122-130. doi: 10.4236/jis.2011.23012.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] CSI/FBI, “Computer Crime and Security Survey,” 2004.
[2] C. Baumrucker, J. Burton, S. Dentler, et al., “Cisco Security Professional’s Guide to Secure Intrusion Detection Systems,” Syngress Publishing, Burlington, 2003.
[3] C. Endorf, E. Schultz and J. Mellander, “Intrusion Detection & Prevention,” McGraw-Hill, Boston, 2004.
[4] “Technical Overview of The Bouncer,”
[5] M. Barkett, “Intrusion Prevention Systems,” NFR Security, Inc., 2004.
[6] K. Xinidis, K. G. Anagnostakis and E. P. Markatos, “Design and Implementation of a High Performance Network Intrusion Prevention System,” Proceedings of the 20th International Information Security Conference (SEC 2005), Makuhari-Messe, Chiba, 30 May-1 June, 2005.
[7] T. Sproul and J. Lockwood, “Wide-Area Hardware-Ac- celerated Intrusion Prevention Systems (WHIPS),” Proceedings of the International Working Conference on Active Networking (IWAN), Lawrence, 27-29 October 2004.
[8] D. Sarang, K. Praveen, T. S. Sproull and J. W. Lockwood, “Deep Packet Inspection Using Parallel Bloom Filters,” IEEE Micro, Vol. 24, No. 1, 2004., pp. 52-61.
[9] D. V. Schuehler, J. Moscola and J. W. Lockwood, “Architecture for a Hardware-Based, TCP/IP Content- Processing System”, IEEE Micro, Vol. 24, No. 1, 2004, pp. 62-69.
[10] H. Song and J. W. Lockwood, “Efficient Packet Classification for Network Intrusion Detection Using FPGA,” Proceedings of the International Symposium on Field- Programmable Gate Arrays (FPGA’05), Monterey, 20-22 February, 2005.
[11] J. Yen and R. Langari, “Fuzzy Logic: Intelligence, Control and Information,” Prentice Hall, Upper Saddle River NJ, 1999.
[13] M. S. Abadeh, J. Habibi and C. Lucas, “Intrusion Detection Using a Fuzzy Genetics-Based Learning Algorithm,” Journal of Network and Computer Applications, Vol. 30, No. 2007, 2007, pp. 414-428.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.