ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on...

Paper ID: N117
ICCCI, Wuhan, China October 13th-15th
Session: Network and Application Technology


Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization

Asma Islam Swapna, Ziaur Rahman, Md. Habibur Rahman, Md. Akramuzzaman

Dept. of Information and Communication Technology
Mawlana Bhashani Science and Technology University, Bangladesh


Presentation Summary

Introduction

Motivation

Proposed Model

Cloud Architecture

Fuzzified Firewall Model

Rules and Security Levels

Results Evaluation

Contribution & Conclusion

References


Introduction

Cloud?

Distributed service provided over the Internet

• Private: Enterprises control access, high security

• Public: Users gain access to cloud easily on demand

• Hybrid: Integration of Public and Private Cloud

Source: The Age of the Customer by Jim Blasingame, 2015

Introduction (Cont.)

Hybrid Cloud Security!

Flexible data access Intrusion Prevention System (IPS)

Ex. Firewall?

Controls and filters the incoming and outgoing traffic of a system, standing between the internal network and the world outside


Introduction (Cont.)

Fuzzy System

• Describes complex systems with linguistic descriptions

• A control system based on fuzzy logic that operates on a fuzzy controller

Fuzzy Control System

[Figure: block diagram of a fuzzy control system. Labels: Fuzzy Controller, Control Rules, Process Model, Input, Error, Control, Output]

Source: Michio Sugeno, An Introductory Survey of Fuzzy Control, 1985


Motivation

• Distributed, autonomous, administrative hybrid cloud infrastructures are more vulnerable and prone to security risks

• Network-based IPS and host-based IPS adopt a traditional firewall

• Today’s malicious code, worms, network attacks on hybrid cloud servers


Motivation (Cont.)

Limitation?

Limited port & unrealizable single point defense

Ineffective packet filtration in emerging HTTP traffic

Security breaches, Trojan & cyber attacks

Larger industry management


Proposed Model

Fuzzy controller controlling incoming and outgoing packets

Fuzzy rules providing dynamic packet filtering for hybrid cloud

Packet filtering based on packet utilization on the cloud server

Fuzzy Integrated Firewall!


Cloud Architecture


Fuzzified Firewall Model


Fuzzified Firewall Model (Cont.)

Source Generation: Gaussian membership function used for source security

$$\mu_S(s, c, \sigma) = e^{-\frac{(s - c)^2}{2\sigma^2}}$$

Destination Generation: Centre of gravity method for destination security

$$Z_o = \frac{\int_z z\,\mu(z)\,dz}{\int_z \mu(z)\,dz}$$


Rules & Security Levels

| Source | Destination | Security |
|--------|-------------|----------|
| Low | Low | Insecure |
| Low | Medium | Low Security |
| Low | Medium-High | Medium Secured |
| Low | High | High Secured |
| Medium | Low-Medium | Medium Secured |
| Medium | Low | Insecure |
| High | High | High Secured |


Firewall Integration

• Fuzzy Security Levels based on MFC rules integrated with Riverbed Cloud model

• Incoming packet traffic in the hybrid cloud passes through the fuzzified firewall logic control to get legitimate access to the hybrid cloud

• Unauthorized traffic with lower level security of source and destination address is discarded in the model

• Evaluation and comparison of the fuzzified and no-firewall scenarios for traffic to the web server and database server


Results Evaluation

Packet filtration in the fuzzy integrated firewall scenario, representing 25% increased response time in the non-fuzzified firewall


Results Evaluation (Cont.)

10-20% easier access (more packets sent per time) in the fuzzified firewall through the secure firewall tunnel of packet filtration


Contribution & Conclusion

• Designed fuzzy controller for firewall model

• Generated security levels for firewall operation

• Integrated security levels with hybrid cloud topology

• Collected HTTP traffic response in web server

• Collected database query traffic response in database server

• Evaluated model using comparative results for no firewall, fuzzified firewall and traditional firewall

• Effective fuzzy controller with better performance in larger industry

• Dynamic packet monitoring and filtering


Question & Answer !


Thanks!

Asma Islam Swapna

Twitter: @AsmaSwapna

Github: @AsmaSwapna

Tech site: www.asmaswapna.github.io

ResearchGate: Asma_Swapna2

LinkedIn: asma0swapna
