ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on...
-
Upload
asma-swapna -
Category
Engineering
-
view
60 -
download
0
Transcript of ICCCI_2016_Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on...
Paper ID: N117
ICCCI, Wuhan, China October 13th-15th 1
Session: Network and Application Technology
Mawlana Bhashani Science and Technology University, Bangladesh
Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
Asma Islam Swapna, Ziaur Rahman, Md. Habibur Rahman, Md. AkramuzzamanDept. of Information and Communication Technology
ICCCI, Wuhan, China October 13th-15th 2
Presentation Summary
Introduction
Motivation
Proposed Model
Cloud Architecture
Fuzzified Firewall Model
Rules and Security Levels
Results Evaluation
Contribution & Conclusion
References
ICCCI, Wuhan, China October 13th-15th 3
IntroductionCloud ?
Distributed Service provided over Internet
• PrivateEnterprises control access, high security
• Public
Users gain access to cloud easily on demand
• Hybrid
Integration of Public and Private Cloud
ICCCI, Wuhan, China October 13th-15th 4Source: The Age of the Customer by Jim Blasingame, 2015
Introduction (Cont.)
Hybrid Cloud Security !
Flexible data access Intrusion Prevention System (IPS)
Ex. Firewall ?
Controls and filters the incoming and outgoing
traffic of a system standing between the internal
network and world outside
ICCCI, Wuhan, China October 13th-15th 5
Introduction (Cont.)
Fuzzy System
• Describe complex systems with linguistic descriptions
• A control system based on fuzzy logic and operates on fuzzy controller
Fuzzy Control System
ICCCI, Wuhan, China October 13th-15th 6
Fuzzy Controller
Process ModelControl Rules
ControlInput Output
Source: MICHIO SUGENO , An Introductory Survey of Fuzzy Control, 1985
Error
Motivation• Distributed, autonomous, administrative Hybrid Cloud
infrastructures are more vulnerable and prone to security risks
• Network based IPS and host based IPS adopts traditional Firewall
• Today’s malicious code, worms, network attacks on hybrid cloud servers
ICCCI, Wuhan, China October 13th-15th 7
Motivation (Cont.)
Limitation?Limited port & unrealizable single point defense
Ineffective packet filtration in emerging HTTP traffic
Security Breaches, Trojan & Cyber attacks
Larger industry management
ICCCI, Wuhan, China October 13th-15th 8
Proposed Model
ICCCI, Wuhan, China October 13th-15th 9
Fuzzy Controller Controlling incoming and outgoing packet
Fuzzy rules providing dynamic packet filtered for Hybrid cloud
Packet filtering based on Packet utilization on the cloud server
Fuzzy Integrated Firewall !
Cloud Architecture
ICCCI, Wuhan, China October 13th-15th 10
Fuzzified Firewall Model
ICCCI, Wuhan, China October 13th-15th 11
Fuzzified Firewall Model (Cont.)
Source Generation- Gaussian member function used for source security
𝑍𝑜 =𝑧 𝑧𝜇 𝑧 𝑑𝑧
𝑧 𝜇 𝑧 𝑑𝑧
Destination Generation- Centre of the gravity method for destination security
𝜇𝑆 𝑠, 𝑐, 𝜎 = 𝑒(𝑠 −𝑐)2
2𝜎2
ICCCI, Wuhan, China October 13th-15th 12
ICCCI, Wuhan, China October 13th-15th 13
Rules & Security LevelsSource Destination Security
Low Low Insecure
Low Medium Low Security
Low Medium-High Medium Secured
Low High High Secured
Medium Low-Medium Medium Secured
Medium Low Insecure
High High High Secured
Firewall Integration
ICCCI, Wuhan, China October 13th-15th 14
• Fuzzy Security Levels based on MFC rules integrated with Riverbed Cloud model
• Incoming packet traffic in the Hybrid cloud will pass Fuzzified firewall logic control to get legitimate access to the hybrid cloud
• Unauthorized traffic with lower level security of source and destination address discarded in the model
• Evaluation and comparison with fuzzified and no firewall scenario for traffic to web server and database server
Results Evaluation
ICCCI, Wuhan, China October 13th-15th 15
Packet filtration in fuzzy integrated firewall scenario representing 25% increased response time in non-fuzzifiedfirewall
Results Evaluation (Cont.)
ICCCI, Wuhan, China October 13th-15th 16
10-20% easier access (more packet sent per time) in fuzzified firewall through secure firewall tunnel of packet filtration
Contribution & Conclusion• Designed Fuzzy controller for Firewall Model
• Generated security levels for firewall operation
• Integrated security levels with Hybrid Cloud topology
• Collected HTTP traffic response in Web server
• Collected database query traffic response in Database server
• Evaluated model using no firewall, fuzzified firewall and traditional firewall comparative result
• Effective Fuzzy Controller better performance in larger industry.
• Dynamic Packet monitoring and filtrering
ICCCI, Wuhan, China October 13th-15th 17
References
[1] Q. Liu, C. Weng, M. Li, and Y. Luo, “An in-vm measuring framework for increasing virtual machine security in clouds,” Security & Privacy, IEEE, vol. 8, no. 6, pp. 56–62, 2010.
[2] J. D. Burton, Cisco security professional’s guide to secure intrusion detection systems. Syngress Publ., 2003.
[3] T. Sproull and J. Lockwood, “Wide-area hardware-accelerated intrusion prevention systems (whips),” in Proceedings of the International Working Conference on Active Networking (IWAN), 2004, pp. 27–29.
[4] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel bloom filters,” in High performance interconnects, 2003. proceedings. 11th symposium on. IEEE, 2003, pp. 44–51.
[5] H. Kurdi, M. Enazi, and A. Al Faries, “Evaluating firewall models for hybrid clouds,” in Modelling Symposium (EMS), 2013 European. IEEE, 2013, pp. 514–519.
[6] A. V. Dastjerdi and R. Buyya, “Compatibility-aware cloud service composition under fuzzy preferences of users,” IEEE Transactions on Cloud Computing, vol. 2, no. 1, pp. 1–13, 2014.
[7] Riverbed Modular, (accessed June 30, 2016). [Online]. Available: http://www.riverbed.com/sg/
[8] M. Sharma, H. Bansal, and A. K. Sharma, “Cloud computing: Different approach & security challenge,” International Journal of Soft Computing and Engineering (IJSCE), vol. 2, no. 1, pp. 421–424, 2012.
[9] J. Srinivas, K. V. S. Reddy, and A. M. QYSER, “Cloud computing basics,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 1, no. 5, 2012.
[10] S. Ray and A. De Sarkar, “Execution analysis of load balancing algorithms in cloud computing environment,” International Journal on Cloud Computing: Services and Architecture (IJCCSA), vol. 2, no. 5, pp. 1–13, 2012.
ICCCI, Wuhan, China October 13th-15th 18
Question & Answer !
ICCCI, Wuhan, China October 13th-15th 19
Thanks!Asma Islam Swapna
Twitter: @AsmaSwapnaGithub: @AsmaSwapna
Tech site: www.asmaswapna.github.ioResearchGate: Asma_Swapna2
LinkedIn: asma0swapna
ICCCI, Wuhan, China October 13th-15th 20