JIS Vol. 2 No. 3, July 2011
Proactive Security Mechanism and Design for Firewall
Abstract: In this paper we present the architecture and module for an Internet firewall. The central component is a fuzzy controller, with the properties of packets fuzzified as its inputs. On the basis of the proposed fuzzy security algorithm, we determine the security level of each packet and adjust it according to the packet's dynamic states. The Internet firewall can respond to these dynamics and take the respective actions accordingly. The proactive firewall therefore resolves the conflict between speed and security by providing both high performance and high security. Simulation shows that if the response value is between 0.7 and 1, it belongs to high security.
Cite this paper: S. Lar, X. Liao, A. Rehman and M. Qinglu, "Proactive Security Mechanism and Design for Firewall," Journal of Information Security, Vol. 2 No. 3, 2011, pp. 122-130. doi: 10.4236/jis.2011.23012.
