| Constructed either on hardware or software or both, firewall maintains system security by monitoring and filtering incoming and outgoing data. Packet filtering and application proxies are two kinds of mature software based firewall models. The central components of packet filtering firewalls are the filtering rules and the connection states. A major challenge packet filtering firewalls face is how to balance security and performance. Firewalls either achieve higher security with more rules at the expense of performance or achieve better performance with incorrect or loose rules which in turn compromise securities.This paper proposes an adaptive firewall model to solve the aforementioned problems. In our approach, we construct the firewall's filtering policies based on a combination of network characteristics, default values and user preferences. In addition, we propose a dynamic statistics based optimization scheme on the filtering policy. Experimentations show that our proposed strategy achieves a good balance between security and performance under majority cases. |
PDF Full Text Request