Call for Paper - September 2020 Edition
IJCA solicits original research papers for the September 2020 Edition. Last date of manuscript submission is August 20, 2020. Read More

Modelling Multiple Packet Filters with FSA for Filtering Malicious Packet

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2015
Authors:
Kruti Kakkad, Krunal Vaghela
10.5120/ijca2015906143

Kruti Kakkad and Krunal Vaghela. Article: Modelling Multiple Packet Filters with FSA for Filtering Malicious Packet. International Journal of Computer Applications 126(15):30-33, September 2015. Published by Foundation of Computer Science (FCS), NY, USA. BibTeX

@article{key:article,
	author = {Kruti Kakkad and Krunal Vaghela},
	title = {Article: Modelling Multiple Packet Filters with FSA for Filtering Malicious Packet},
	journal = {International Journal of Computer Applications},
	year = {2015},
	volume = {126},
	number = {15},
	pages = {30-33},
	month = {September},
	note = {Published by Foundation of Computer Science (FCS), NY, USA}
}

Abstract

Computer network security is now a days gaining popularity among network users. Organizations are spending more time and money for securing their information. Security is also more considered by the network researchers due to the importance of network security has grown unbelievably. Finite Automata or the state machine is a mathematical model to designing computer software and sequential logic circuits. FSA uses pattern for filtering. A pattern is a group of characters that exist along with the malicious programs. Pattern matching is the process of matching the incoming packet contents with the known patterns of the malware. In this paper we have tried to explain the firewall which improves the security with faster firewall mechanism. Our proposed solution provides filtering according to the keyword and port number. Also we have proposed new feature for the LAN users that is any user can interact with the other user of the same server. We have tried to propose a firewall which is dynamic where we can change the filtering rules. Previous work is limited when there is dynamic changes needed to the firewall. Also the important improvement is related to the time duration. Our proposed solution with FSA (Finite State Automata) regular expression takes less time for filtering of the packet compare to the algorithm which doesn't use the FSA.

References

  1. Meng-meng Zhang, Yan Sun and Jingzhong Wang,” A Fast Regular Expressions Matching Algorithm for NIDS”, Applied Mathematics & Information Sciences an International Journal Mar. 2013
  2. Arti, Dr. S. S. Tyagi "Study of MANET: Characteristics, Challenges, Application and Security Attacks" \emph {International Journal of Advanced Research in Computer Science and Software Engineering}, Volume 3, Issue 5, May 2013 ISSN: 2277 128X.
  3. Min-kyu Choi, Rosslin John Robles, Chang-hwa Hong, Tai-hoon Kim"Wireless Network Security: Vulnerabilities, Threats and Countermeasures "'International Journal of Multimedia and Ubiquitous Engineering"', Vol. 3, No. 3, July, 2008
  4. Marco Leogrande,FulvioRisso and Luigi Ciminiera,"'Modeling Complex Packet FiltersWith Finite State Automata"',IEEE/ACM TRANSACTIONS ON NETWORKING,1063-6692 , 2013 IEEE
  5. Zouheir Trabelsi, UAE University, "'Teaching Stateless And Statefull Firewall Packet Filtering: A Hands On Approach"', 16th Colloquium for Information Systems Security , Education Lake Buena Vista, Florida June 11 - 13, 2012
  6. J. C. Mogul, R. F. Rashid, and M. J. Accetta, “The packet filter: An efficient mechanism for user-level network code,” in Proc. 11th ACM Symp. Oper. Syst. Principles, Austin, TX, USA, Nov. 1987, pp. 39–51.
  7. M. L. Bayley, B. Gopal, M. A. Pagels, and L. L. Peterson, “PATHFINDER: A pattern-based packet classifier,” in Proc. 1st USENIX Symp. Oper. Syst. Design Implement, Monterey, CA, USA, Nov. 1994, pp. 115–123.
  8. A. Begel, S. McCanne, and S. L. Graham, “BPF+: Exploiting global data-flow optimization in a generalized packet filter architecture,” Comput. Commun. Rev., vol. 29, no. 4, pp. 123–134, Oct. 1999.
  9. D. R. Engler and M. F. Kaashoek, “DPF: Fast, flexible message demultiplexing using dynamic code generation,” in Proc. ACM SIGCOMM, Stanford, CA, USA, Aug. 1996, pp. 53–59.
  10. Z. Wu, M. Xie, and H. Wang, “Swift: A fast dynamic packet filter,” in Proc. 5th USENIX Symp. Netw. Syst. Design Implement., San Francisco, CA, USA, Apr. 2008, pp. 279–292
  11. Pierluigi Rolando, Riccardo Sisto, Member, ACM, and Fulvio Risso,” SPAF: Stateless FSA-Based Packet Filters”, IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 19, NO. 1, FEBRUARY 2011
  12. C. Jasmine, Dr. T. Latha,” Finite Automata in Pattern matching for Hardware based NIDS Applications – a Tutorial and Survey”, Progress In Science in Engineering Research Journal,PISER 12, Vol.02, Issue: 02/06 March- April; Bimonthly International Journal Page(s) 351-360
  13. Zouheir Trabelsi, UAE University, “Teaching Stateless And Statefull Firewall Packet Filtering: A Hands On Approach”, 16th Colloquium for Information Systems Security Education Lake Buena Vista, Florida June 11 - 13, 2012.
  14. Jamuna Bhandari, "' Techniques Used in String Matching for Network Security"',International Journal of Computer, Information, Systems and Control Engineering Vol:8 No:5, 2014.
  15. Marco Leogrande, Member, IEEE, Fulvio Risso, Member, IEEE, and Luigi Ciminiera, “Modeling Complex Packet Filters with Finite State”, IEEE/ACM TRANSACTIONS ON NETWORKING · FEBRUARY 2015

Keywords

Firewall, packet filtering, Stateful firewall, stateless firewall, FSA