An Approach to Mitigate Malware Attacks Using Netfilter's Hybrid Frame in Firewall Security

Nivedita Nahar (National Institute of Technical Teachers Training and Research, Chandigarh, India), Prerna Dewan (National Institute of Technical Teachers Training and Research, Panchkula, India) and Rakesh Kumar (National Institute of Technical Teachers Training and Research, Chandigarh, India)
Copyright: © 2018 |Pages: 30
DOI: 10.4018/IJOSSP.2018010103


With the steady advancement of technology, network security has become essential for protecting information from attackers. The main focus of this research is on designing strong firewall filtering rules so that malicious code is detected to an optimal level. A proposed framework is introduced to improve performance parameters such as server response time, web content analysis, bandwidth, and performance under network traffic load. This work defines a new set of IPtables rules, achieved by modifying the kernel source code. This is done using the OpenBSD kernel source code, which results in the formation of a mini-firewall. A new hybrid approach is therefore proposed by adding packet filtering rules and SNORT technology to the mini-firewall for malicious activity detection. It is an efficient and practical technique that helps mitigate malware attacks and secure a LAMP server. Experimental analysis concludes that around 70-75% of malicious activity can be reduced by using the proposed technique.

1. Introduction

The Internet is used in many kinds of devices, such as laptops, desktops, smartphones and household equipment, and has become an essential part of daily life. As network connectivity increases day by day, so do the network security threats we face. In recent years, security attacks of all kinds have broken out continuously: in Russia, over 100 users had their accounts hacked; Dailymotion’s site was hacked and 85 million email addresses were extracted; Myspace data was hacked; and a malicious attack on the Reserve Bank of India took place (The 10 biggest security incidents of 2017). This is why protecting our servers and web assets has become extremely important. How should a user proceed to establish a secure environment? There are many ways to ensure the security of dedicated servers. A number of hardware firewalls can provide the best malware detection for network security; however, a software firewall is more beneficial for smaller enterprises in terms of money and time. Targeted modifications to Netfilter/IPtables make it easier and simpler to configure a strong firewall that solves security-related problems and detects malware, achieving an optimal level of server security to protect the database. The purpose of this research is to analyse a network firewall against day-to-day attacks. Essentially, the outcomes of our practical implementation will lead to enhancements in the mini-firewall, increasing the safety of the server’s information system against stealthy attacks such as fast DDoS attacks, Slowloris attacks, DDoS carried out by attack tools, etc. This paper thus introduces an OpenBSD-based (Fingerprinting, 2015) (Isohara et al., 2011) open source firewall achieved by kernel modification.
Because this work is based on open source software, it has benefits - cost, flexibility, freedom, security, and accountability - that are unsurpassed by proprietary software solutions. OSS also provides long-term viability and is always at the cutting edge of technology.

1.1. Introduction to Linux Firewall

A firewall is an important tool that protects the users and other hosts in a network from an attacker in an untrusted network (Mao, 2012). A firewall can be extremely helpful when it is used as a filter for all the packets that go to and from the system (Salah et al., 2010). A firewall system can also be configured to conceal multiple hosts behind a single Internet protocol address using a process known as Network Address Translation (Linux Firewall Introduction). The firewall-protected server’s schema is shown in Figure 1.

Figure 1. Firewall-protected server’s schema
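As an added example, not code from the paper or its authors: a shell function that prints, in iptables-restore format, a minimal ruleset for a firewall-protected LAMP host of the kind sketched in Figure 1. It combines the two mechanisms described above, packet filtering (a default-drop INPUT chain driven by connection tracking, plus per-client caps on concurrent connections and on the rate of new connections to the web ports, which is the usual Netfilter counter to connection floods such as Slowloris) and Network Address Translation (MASQUERADE for a private LAN). The interface names, the LAN prefix and the thresholds are assumed values for illustration.

```shell
#!/bin/sh
# Added example, not code from the paper: print an iptables-restore ruleset for
# a firewall-protected LAMP host that also masquerades a private LAN (NAT).
# Assumed values: WAN interface eth0, LAN interface eth1, LAN prefix
# 192.168.10.0/24, and the rate/connection thresholds below; tune them for
# the real host. Apply with:
#   lamp_ruleset eth0 eth1 192.168.10.0/24 | sudo iptables-restore
lamp_ruleset() {
  wan_if="${1:-eth0}"
  lan_if="${2:-eth1}"
  lan_net="${3:-192.168.10.0/24}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and packets that belong to flows already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# administration (SSH) only from the LAN side
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# web ports: cap concurrent connections per client address (slow-connection
# floods such as Slowloris hold many sockets open), then cap new-connection rate
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name web --hashlimit-mode srcip --hashlimit-upto 20/sec --hashlimit-burst 40 -j ACCEPT
# whatever exceeds the rate is logged (log rate-limited too) and dropped
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "web-flood: " --log-level 4
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j DROP
# LAN hosts may reach the Internet; only return traffic is forwarded back in
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide the LAN behind the firewall's public address (Network Address Translation)
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}
```

Forwarding between the two interfaces also needs `net.ipv4.ip_forward=1` set via sysctl. The function only emits text, so the ruleset can be reviewed or diffed before it is loaded; in the paper's hybrid design, SNORT would inspect the traffic these rules admit rather than replace them.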

