Information protection in computers is gaining a lot of importance in real world applications. To secure the private networks of businesses and institutions, a firewall is installed in a specially designated computer separate from the rest of the network so that no incoming packet can directly get into the private network. The system monitors and blocks the requests from illegal networks. The existing methods of packet filtering algorithms suffer from drawbacks in terms of search space and storage. To overcome the drawbacks, a Fireworks-based approach of packet filtering is proposed in this chapter. Termed Fireworks-based Packet Filtering (FWPF) algorithm, the sparks generated by the fireworks makes a decision about the rule position in the firewall ruleset matching with the incoming packet. The advantage of FWPF is that it reduces the search space when compared to the existing packet filtering algorithms.
TopMohammad M. Masud, Umniya Mustafa, Zouheir Trabelsi. (2014) have proposed a data driven packet filtering approach. According to this approach, each rule in the rule set is considered a class. The training dataset contains a packet header info and the corresponding class label. Then the classifier is used to classify new incoming packets. The predicted class is checked against the packet to see if this packet really matches the predicted rule. If yes, the corresponding action of the rule is taken. Otherwise, the traditional way of matching rules is followed. The advantage of this data mining firewall is that it offers a much faster rule matching. It is proved that the classifier can achieve very high accuracy of 98% or more, thereby making firewall six times or more faster in making filtering decision.
Trabelsi, Zhang, & Zeidan, (2012, October) have proposed a Packet Filtering Optimization Using Statistical Traffic Awareness Test to improve firewall packet filtering time through optimizing the order of security policy filtering rules and rule-fields (Trabelsi, Zhang, & Zeidan, 2012). The proposed mechanism is based on reordering rules and rule-fields according to packet matching and non-matching histograms, respectively. The current and previous traffic windows statistics are used to check the system stability using Chi-Square Test. If the system stability test indicates that the firewall is stable the same current rule and/or rule-fields orders are used for filtering the next traffic window. Otherwise, an update of the rule and/or rule-fields order structures is required for filtering the next traffic window. However, there is an error precision rate according to this method and 100% classification accuracy is not possible.