Share This Article:

Proactive Security Mechanism and Design for Firewall

Abstract Full-Text HTML Download Download as PDF (Size:344KB) PP. 122-130
DOI: 10.4236/jis.2011.23012    5,978 Downloads   11,207 Views   Citations


In this paper we have present the architecture and module for internet firewall. The central component is fuzzy controller while properties of packets are fuzzified as inputs. On the basis of proposed fuzzy security algorithm, we have figured out security level of each packet and adjust according to packets dynamic states. Internet firewall can respond to these dynamics and take respective actions accordingly. Therefore, proactive firewall solves the conflict between speed and security by providing high performance and high security. Simulation shows that if the response value is in between 0.7 and 1 it belongs to high security.

Cite this paper

S. Lar, X. Liao, A. Rehman and M. Qinglu, "Proactive Security Mechanism and Design for Firewall," Journal of Information Security, Vol. 2 No. 3, 2011, pp. 122-130. doi: 10.4236/jis.2011.23012.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] CSI/FBI, “Computer Crime and Security Survey,” 2004.
[2] C. Baumrucker, J. Burton, S. Dentler, et al., “Cisco Security Professional’s Guide to Secure Intrusion Detection Systems,” Syngress Publishing, Burlington, 2003.
[3] C. Endorf, E. Schultz and J. Mellander, “Intrusion Detection & Prevention,” McGraw-Hill, Boston, 2004.
[4] “Technical Overview of The Bouncer,”
[5] M. Barkett, “Intrusion Prevention Systems,” NFR Security, Inc., 2004.
[6] K. Xinidis, K. G. Anagnostakis and E. P. Markatos, “Design and Implementation of a High Performance Network Intrusion Prevention System,” Proceedings of the 20th International Information Security Conference (SEC 2005), Makuhari-Messe, Chiba, 30 May-1 June, 2005.
[7] T. Sproul and J. Lockwood, “Wide-Area Hardware-Ac- celerated Intrusion Prevention Systems (WHIPS),” Proceedings of the International Working Conference on Active Networking (IWAN), Lawrence, 27-29 October 2004.
[8] D. Sarang, K. Praveen, T. S. Sproull and J. W. Lockwood, “Deep Packet Inspection Using Parallel Bloom Filters,” IEEE Micro, Vol. 24, No. 1, 2004., pp. 52-61.
[9] D. V. Schuehler, J. Moscola and J. W. Lockwood, “Architecture for a Hardware-Based, TCP/IP Content- Processing System”, IEEE Micro, Vol. 24, No. 1, 2004, pp. 62-69.
[10] H. Song and J. W. Lockwood, “Efficient Packet Classification for Network Intrusion Detection Using FPGA,” Proceedings of the International Symposium on Field- Programmable Gate Arrays (FPGA’05), Monterey, 20-22 February, 2005.
[11] J. Yen and R. Langari, “Fuzzy Logic: Intelligence, Control and Information,” Prentice Hall, Upper Saddle River NJ, 1999.
[13] M. S. Abadeh, J. Habibi and C. Lucas, “Intrusion Detection Using a Fuzzy Genetics-Based Learning Algorithm,” Journal of Network and Computer Applications, Vol. 30, No. 2007, 2007, pp. 414-428.

comments powered by Disqus

Copyright © 2020 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.