ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
•
2 likes•153 views
This was my first presentation in any IEEE conference as a first author held in Wuhan, China
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
Similar to ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization (20)
Recently uploaded
Recently uploaded (20)
ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
- 1. Paper ID: N117 ICCCI, Wuhan, China October 13th-15th 1 Session: Network and Application Technology
- 2. Mawlana Bhashani Science and Technology University, Bangladesh Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization Asma Islam Swapna, Ziaur Rahman, Md. Habibur Rahman, Md. Akramuzzaman Dept. of Information and Communication Technology ICCCI, Wuhan, China October 13th-15th 2
- 3. Presentation Summary Introduction Motivation Proposed Model Cloud Architecture Fuzzified Firewall Model Rules and Security Levels Results Evaluation Contribution & Conclusion References ICCCI, Wuhan, China October 13th-15th 3
- 4. Introduction Cloud ? Distributed Service provided over Internet • Private Enterprises control access, high security • Public Users gain access to cloud easily on demand • Hybrid Integration of Public and Private Cloud ICCCI, Wuhan, China October 13th-15th 4 Source: The Age of the Customer by Jim Blasingame, 2015
- 5. Introduction (Cont.) Hybrid Cloud Security ! Flexible data access Intrusion Prevention System (IPS) Ex. Firewall ? Controls and filters the incoming and outgoing traffic of a system standing between the internal network and world outside ICCCI, Wuhan, China October 13th-15th 5
- 6. Introduction (Cont.) Fuzzy System • Describe complex systems with linguistic descriptions • A control system based on fuzzy logic and operates on fuzzy controller Fuzzy Control System ICCCI, Wuhan, China October 13th-15th 6 Fuzzy Controller Process Model Control Rules ControlInput Output Source: MICHIO SUGENO , An Introductory Survey of Fuzzy Control, 1985 Error
- 7. Motivation • Distributed, autonomous, administrative Hybrid Cloud infrastructures are more vulnerable and prone to security risks • Network based IPS and host based IPS adopts traditional Firewall • Today’s malicious code, worms, network attacks on hybrid cloud servers ICCCI, Wuhan, China October 13th-15th 7
- 8. Motivation (Cont.) Limitation? Limited port & unrealizable single point defense Ineffective packet filtration in emerging HTTP traffic Security Breaches, Trojan & Cyber attacks Larger industry management ICCCI, Wuhan, China October 13th-15th 8
- 9. Proposed Model ICCCI, Wuhan, China October 13th-15th 9 Fuzzy Controller Controlling incoming and outgoing packet Fuzzy rules providing dynamic packet filtered for Hybrid cloud Packet filtering based on Packet utilization on the cloud server Fuzzy Integrated Firewall !
- 10. Cloud Architecture ICCCI, Wuhan, China October 13th-15th 10
- 11. Fuzzified Firewall Model ICCCI, Wuhan, China October 13th-15th 11
- 12. Fuzzified Firewall Model (Cont.) Source Generation- Gaussian member function used for source security 𝑍𝑜 = 𝑧 𝑧𝜇 𝑧 𝑑𝑧 𝑧 𝜇 𝑧 𝑑𝑧 Destination Generation- Centre of the gravity method for destination security 𝜇 𝑆 𝑠, 𝑐, 𝜎 = 𝑒 (𝑠 −𝑐)2 2𝜎2 ICCCI, Wuhan, China October 13th-15th 12
- 13. ICCCI, Wuhan, China October 13th-15th 13 Rules & Security Levels Source Destination Security Low Low Insecure Low Medium Low Security Low Medium-High Medium Secured Low High High Secured Medium Low-Medium Medium Secured Medium Low Insecure High High High Secured
- 14. Firewall Integration ICCCI, Wuhan, China October 13th-15th 14 • Fuzzy Security Levels based on MFC rules integrated with Riverbed Cloud model • Incoming packet traffic in the Hybrid cloud will pass Fuzzified firewall logic control to get legitimate access to the hybrid cloud • Unauthorized traffic with lower level security of source and destination address discarded in the model • Evaluation and comparison with fuzzified and no firewall scenario for traffic to web server and database server
- 15. Results Evaluation ICCCI, Wuhan, China October 13th-15th 15 Packet filtration in fuzzy integrated firewall scenario representing 25% increased response time in non-fuzzified firewall
- 16. Results Evaluation (Cont.) ICCCI, Wuhan, China October 13th-15th 16 10-20% easier access (more packet sent per time) in fuzzified firewall through secure firewall tunnel of packet filtration
- 17. Contribution & Conclusion • Designed Fuzzy controller for Firewall Model • Generated security levels for firewall operation • Integrated security levels with Hybrid Cloud topology • Collected HTTP traffic response in Web server • Collected database query traffic response in Database server • Evaluated model using no firewall, fuzzified firewall and traditional firewall comparative result • Effective Fuzzy Controller better performance in larger industry. • Dynamic Packet monitoring and filtrering ICCCI, Wuhan, China October 13th-15th 17
- 18. References [1] Q. Liu, C. Weng, M. Li, and Y. Luo, “An in-vm measuring framework for increasing virtual machine security in clouds,” Security & Privacy, IEEE, vol. 8, no. 6, pp. 56–62, 2010. [2] J. D. Burton, Cisco security professional’s guide to secure intrusion detection systems. Syngress Publ., 2003. [3] T. Sproull and J. Lockwood, “Wide-area hardware-accelerated intrusion prevention systems (whips),” in Proceedings of the International Working Conference on Active Networking (IWAN), 2004, pp. 27–29. [4] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel bloom filters,” in High performance interconnects, 2003. proceedings. 11th symposium on. IEEE, 2003, pp. 44–51. [5] H. Kurdi, M. Enazi, and A. Al Faries, “Evaluating firewall models for hybrid clouds,” in Modelling Symposium (EMS), 2013 European. IEEE, 2013, pp. 514–519. [6] A. V. Dastjerdi and R. Buyya, “Compatibility-aware cloud service composition under fuzzy preferences of users,” IEEE Transactions on Cloud Computing, vol. 2, no. 1, pp. 1–13, 2014. [7] Riverbed Modular, (accessed June 30, 2016). [Online]. Available: http://www.riverbed.com/sg/ [8] M. Sharma, H. Bansal, and A. K. Sharma, “Cloud computing: Different approach & security challenge,” International Journal of Soft Computing and Engineering (IJSCE), vol. 2, no. 1, pp. 421–424, 2012. [9] J. Srinivas, K. V. S. Reddy, and A. M. QYSER, “Cloud computing basics,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 1, no. 5, 2012. [10] S. Ray and A. De Sarkar, “Execution analysis of load balancing algorithms in cloud computing environment,” International Journal on Cloud Computing: Services and Architecture (IJCCSA), vol. 2, no. 5, pp. 1– 13, 2012. ICCCI, Wuhan, China October 13th-15th 18
- 19. Question & Answer ! ICCCI, Wuhan, China October 13th-15th 19
- 20. Thanks! Asma Islam Swapna Twitter: @AsmaSwapna Github: @AsmaSwapna Tech site: www.asmaswapna.github.io ResearchGate: Asma_Swapna2 LinkedIn: asma0swapna ICCCI, Wuhan, China October 13th-15th 20