ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
1. Paper ID: N117
ICCCI, Wuhan, China October 13th-15th 1
Session: Network and Application Technology
2. Mawlana Bhashani Science and Technology University,
Bangladesh
Performance Evaluation of Fuzzy Integrated Firewall Model
for Hybrid Cloud Based on Packet Utilization
Asma Islam Swapna, Ziaur Rahman, Md. Habibur Rahman, Md. Akramuzzaman
Dept. of Information and Communication Technology
ICCCI, Wuhan, China October 13th-15th 2
4. Introduction
Cloud ?
Distributed Service provided over Internet
• Private
Enterprises control access, high security
• Public
Users gain access to cloud easily on demand
• Hybrid
Integration of Public and Private Cloud
ICCCI, Wuhan, China October 13th-15th 4
Source: The Age of the Customer by Jim Blasingame, 2015
5. Introduction (Cont.)
Hybrid Cloud Security !
Flexible data access Intrusion Prevention System (IPS)
Ex. Firewall ?
Controls and filters the incoming and outgoing
traffic of a system standing between the internal
network and world outside
ICCCI, Wuhan, China October 13th-15th 5
6. Introduction (Cont.)
Fuzzy System
• Describe complex systems with linguistic descriptions
• A control system based on fuzzy logic and operates on fuzzy controller
Fuzzy Control System
ICCCI, Wuhan, China October 13th-15th 6
Fuzzy Controller
Process Model
Control Rules
ControlInput Output
Source: MICHIO SUGENO , An Introductory Survey of Fuzzy Control, 1985
Error
7. Motivation
• Distributed, autonomous, administrative Hybrid Cloud
infrastructures are more vulnerable and prone to security
risks
• Network based IPS and host based IPS adopts traditional
Firewall
• Today’s malicious code, worms, network attacks on hybrid
cloud servers
ICCCI, Wuhan, China October 13th-15th 7
8. Motivation (Cont.)
Limitation?
Limited port & unrealizable single point defense
Ineffective packet filtration in emerging HTTP traffic
Security Breaches, Trojan & Cyber attacks
Larger industry management
ICCCI, Wuhan, China October 13th-15th 8
9. Proposed Model
ICCCI, Wuhan, China October 13th-15th 9
Fuzzy Controller Controlling incoming and outgoing packet
Fuzzy rules providing dynamic packet filtered for Hybrid cloud
Packet filtering based on Packet utilization on the cloud server
Fuzzy
Integrated
Firewall !
12. Fuzzified Firewall Model (Cont.)
Source Generation- Gaussian member function used for source
security
𝑍𝑜 =
𝑧
𝑧𝜇 𝑧 𝑑𝑧
𝑧
𝜇 𝑧 𝑑𝑧
Destination Generation- Centre of the gravity method for
destination security
𝜇 𝑆 𝑠, 𝑐, 𝜎 = 𝑒
(𝑠 −𝑐)2
2𝜎2
ICCCI, Wuhan, China October 13th-15th 12
13. ICCCI, Wuhan, China October 13th-15th 13
Rules & Security Levels
Source Destination Security
Low Low Insecure
Low Medium Low Security
Low Medium-High Medium Secured
Low High High Secured
Medium Low-Medium Medium Secured
Medium Low Insecure
High High High Secured
14. Firewall Integration
ICCCI, Wuhan, China October 13th-15th 14
• Fuzzy Security Levels based on MFC rules integrated with
Riverbed Cloud model
• Incoming packet traffic in the Hybrid cloud will pass
Fuzzified firewall logic control to get legitimate access to
the hybrid cloud
• Unauthorized traffic with lower level security of source and
destination address discarded in the model
• Evaluation and comparison with fuzzified and no firewall
scenario for traffic to web server and database server
15. Results Evaluation
ICCCI, Wuhan, China October 13th-15th 15
Packet filtration in fuzzy
integrated firewall scenario
representing 25% increased
response time in non-fuzzified
firewall
16. Results Evaluation (Cont.)
ICCCI, Wuhan, China October 13th-15th 16
10-20% easier access (more
packet sent per time) in
fuzzified firewall through
secure firewall tunnel of
packet filtration
17. Contribution & Conclusion
• Designed Fuzzy controller for Firewall Model
• Generated security levels for firewall operation
• Integrated security levels with Hybrid Cloud topology
• Collected HTTP traffic response in Web server
• Collected database query traffic response in Database server
• Evaluated model using no firewall, fuzzified firewall and
traditional firewall comparative result
• Effective Fuzzy Controller better performance in larger
industry.
• Dynamic Packet monitoring and filtrering
ICCCI, Wuhan, China October 13th-15th 17
18. References
[1] Q. Liu, C. Weng, M. Li, and Y. Luo, “An in-vm measuring framework for increasing virtual machine security
in clouds,” Security & Privacy, IEEE, vol. 8, no. 6, pp. 56–62, 2010.
[2] J. D. Burton, Cisco security professional’s guide to secure intrusion detection systems. Syngress Publ., 2003.
[3] T. Sproull and J. Lockwood, “Wide-area hardware-accelerated intrusion prevention systems (whips),” in
Proceedings of the International Working Conference on Active Networking (IWAN), 2004, pp. 27–29.
[4] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel
bloom filters,” in High performance interconnects, 2003. proceedings. 11th symposium on. IEEE, 2003, pp. 44–51.
[5] H. Kurdi, M. Enazi, and A. Al Faries, “Evaluating firewall models for hybrid clouds,” in Modelling Symposium
(EMS), 2013 European. IEEE, 2013, pp. 514–519.
[6] A. V. Dastjerdi and R. Buyya, “Compatibility-aware cloud service composition under fuzzy preferences of
users,” IEEE Transactions on Cloud Computing, vol. 2, no. 1, pp. 1–13, 2014.
[7] Riverbed Modular, (accessed June 30, 2016). [Online]. Available: http://www.riverbed.com/sg/
[8] M. Sharma, H. Bansal, and A. K. Sharma, “Cloud computing: Different approach & security challenge,”
International Journal of Soft Computing and Engineering (IJSCE), vol. 2, no. 1, pp. 421–424, 2012.
[9] J. Srinivas, K. V. S. Reddy, and A. M. QYSER, “Cloud computing basics,” International Journal of Advanced
Research in Computer and Communication Engineering, vol. 1, no. 5, 2012.
[10] S. Ray and A. De Sarkar, “Execution analysis of load balancing algorithms in cloud computing
environment,” International Journal on Cloud Computing: Services and Architecture (IJCCSA), vol. 2, no. 5, pp. 1–
13, 2012.
ICCCI, Wuhan, China October 13th-15th 18