iccci_2016_performance evaluation of fuzzy integrated firewall model for hybrid cloud based on...
Paper ID: N117
ICCCI, Wuhan, China October 13th-15th 1
Session: Network and Application Technology
Performance Evaluation of Fuzzy Integrated Firewall Model for Hybrid Cloud Based on Packet Utilization
Asma Islam Swapna, Ziaur Rahman, Md. Habibur Rahman, Md. Akramuzzaman
Dept. of Information and Communication Technology
Mawlana Bhashani Science and Technology University, Bangladesh
Presentation Summary
Introduction
Motivation
Proposed Model
Cloud Architecture
Fuzzified Firewall Model
Rules and Security Levels
Results Evaluation
Contribution & Conclusion
References
Introduction
Cloud?
Distributed Service provided over Internet
• Private
Enterprises control access, high security
• Public
Users gain access to cloud easily on demand
• Hybrid
Integration of Public and Private Cloud
Source: The Age of the Customer by Jim Blasingame, 2015
Introduction (Cont.)
Hybrid Cloud Security!
Flexible data access Intrusion Prevention System (IPS)
Ex. Firewall?
Controls and filters the incoming and outgoing traffic of a system, standing between the internal network and the outside world
Introduction (Cont.)
Fuzzy System
• Describe complex systems with linguistic descriptions
• A control system based on fuzzy logic that operates through a fuzzy controller
[Figure: Fuzzy Control System. Block labels: Fuzzy Controller, Control Rules, Process Model, Control, Input, Output, Error]
Source: Michio Sugeno, An Introductory Survey of Fuzzy Control, 1985
Motivation
• Distributed, autonomous, administrative Hybrid Cloud infrastructures are more vulnerable and prone to security risks
• Network based IPS and host based IPS adopt traditional Firewall
• Today’s malicious code, worms, network attacks on hybrid cloud servers
Motivation (Cont.)
Limitation?
Limited port & unrealizable single point defense
Ineffective packet filtration in emerging HTTP traffic
Security Breaches, Trojan & Cyber attacks
Larger industry management
Proposed Model
Fuzzy Controller controlling incoming and outgoing packets
Fuzzy rules providing dynamic packet filtering for Hybrid cloud
Packet filtering based on packet utilization on the cloud server
Fuzzy Integrated Firewall!
Cloud Architecture
Fuzzified Firewall Model
Fuzzified Firewall Model (Cont.)
Source Generation: Gaussian membership function used for source security
$$\mu_S(s, c, \sigma) = e^{-\frac{(s - c)^2}{2\sigma^2}}$$
Destination Generation: Centre of gravity method for destination security
$$Z_o = \frac{\int_z z\,\mu(z)\,dz}{\int_z \mu(z)\,dz}$$
Rules & Security Levels

| Source | Destination | Security |
|--------|-------------|----------|
| Low | Low | Insecure |
| Low | Medium | Low Security |
| Low | Medium-High | Medium Secured |
| Low | High | High Secured |
| Medium | Low-Medium | Medium Secured |
| Medium | Low | Insecure |
| High | High | High Secured |
Firewall Integration
• Fuzzy Security Levels based on MFC rules integrated with Riverbed Cloud model
• Incoming packet traffic in the Hybrid cloud will pass Fuzzified firewall logic control to get legitimate access to the hybrid cloud
• Unauthorized traffic with lower level security of source and destination address is discarded in the model
• Evaluation and comparison with fuzzified and no firewall scenario for traffic to web server and database server
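An added example (not code from the presentation or the paper): a minimal Mamdani-style sketch of the pipeline the slides describe, with Gaussian membership for source and destination, the rule table from the Rules & Security Levels slide, centre-of-gravity defuzzification and a final drop decision. The normalised [0, 1] trust scores, term centres, sigma, min/max operators, Gaussian output sets, the reading of "Medium-High" as "Medium OR High" and the 0.5 threshold are all assumptions, not values from the slides.

```python
import math

def gauss(x, c, sigma=0.15):
    """Gaussian membership: exp(-(x - c)^2 / (2 * sigma^2))."""
    return math.exp(-((x - c) ** 2) / (2 * sigma ** 2))

# Assumed term centres on a normalised [0, 1] trust score (not from the slides).
IN_CENTRE = {"Low": 0.0, "Medium": 0.5, "High": 1.0}
OUT_CENTRE = {"Insecure": 0.0, "Low Security": 1 / 3,
              "Medium Secured": 2 / 3, "High Secured": 1.0}

# Rule base copied from the slide's table: (source, destination terms, level).
RULES = [
    ("Low", ("Low",), "Insecure"),
    ("Low", ("Medium",), "Low Security"),
    ("Low", ("Medium", "High"), "Medium Secured"),   # "Medium-High"
    ("Low", ("High",), "High Secured"),
    ("Medium", ("Low", "Medium"), "Medium Secured"),  # "Low-Medium"
    ("Medium", ("Low",), "Insecure"),
    ("High", ("High",), "High Secured"),
]

def security_level(src, dst, steps=200):
    """Fire every rule (AND = min, OR = max), then defuzzify by centre of gravity."""
    fired = {}
    for s_term, d_terms, level in RULES:
        d_mu = max(gauss(dst, IN_CENTRE[t]) for t in d_terms)
        strength = min(gauss(src, IN_CENTRE[s_term]), d_mu)
        fired[level] = max(fired.get(level, 0.0), strength)
    num = den = 0.0
    for i in range(steps + 1):  # discretised integrals over the output axis z
        z = i / steps
        mu = max(min(w, gauss(z, OUT_CENTRE[lvl])) for lvl, w in fired.items())
        num += z * mu
        den += mu
    return num / den  # Z_o, the crisp security level in [0, 1]

def filter_packet(src, dst, threshold=0.5):
    """Discard traffic whose defuzzified security level is below the threshold."""
    return "ACCEPT" if security_level(src, dst) >= threshold else "DROP"
```

Under this reading, the rows (Medium, Low-Medium) and (Medium, Low) both fire when the destination score is Low, so the output is pulled between Insecure and Medium Secured; a deployment would need to decide which rule takes precedence.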
Results Evaluation
Packet filtration in fuzzy integrated firewall scenario representing 25% increased response time in non-fuzzified firewall
Results Evaluation (Cont.)
10-20% easier access (more packet sent per time) in fuzzified firewall through secure firewall tunnel of packet filtration
Contribution & Conclusion
• Designed Fuzzy controller for Firewall Model
• Generated security levels for firewall operation
• Integrated security levels with Hybrid Cloud topology
• Collected HTTP traffic response in Web server
• Collected database query traffic response in Database server
• Evaluated model using no firewall, fuzzified firewall and traditional firewall comparative result
• Effective Fuzzy Controller better performance in larger industry.
• Dynamic Packet monitoring and filtering
References
[1] Q. Liu, C. Weng, M. Li, and Y. Luo, “An in-vm measuring framework for increasing virtual machine security in clouds,” Security & Privacy, IEEE, vol. 8, no. 6, pp. 56–62, 2010.
[2] J. D. Burton, Cisco security professional’s guide to secure intrusion detection systems. Syngress Publ., 2003.
[3] T. Sproull and J. Lockwood, “Wide-area hardware-accelerated intrusion prevention systems (whips),” in Proceedings of the International Working Conference on Active Networking (IWAN), 2004, pp. 27–29.
[4] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel bloom filters,” in High performance interconnects, 2003. proceedings. 11th symposium on. IEEE, 2003, pp. 44–51.
[5] H. Kurdi, M. Enazi, and A. Al Faries, “Evaluating firewall models for hybrid clouds,” in Modelling Symposium (EMS), 2013 European. IEEE, 2013, pp. 514–519.
[6] A. V. Dastjerdi and R. Buyya, “Compatibility-aware cloud service composition under fuzzy preferences of users,” IEEE Transactions on Cloud Computing, vol. 2, no. 1, pp. 1–13, 2014.
[7] Riverbed Modular, (accessed June 30, 2016). [Online]. Available: http://www.riverbed.com/sg/
[8] M. Sharma, H. Bansal, and A. K. Sharma, “Cloud computing: Different approach & security challenge,” International Journal of Soft Computing and Engineering (IJSCE), vol. 2, no. 1, pp. 421–424, 2012.
[9] J. Srinivas, K. V. S. Reddy, and A. M. QYSER, “Cloud computing basics,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 1, no. 5, 2012.
[10] S. Ray and A. De Sarkar, “Execution analysis of load balancing algorithms in cloud computing environment,” International Journal on Cloud Computing: Services and Architecture (IJCCSA), vol. 2, no. 5, pp. 1–13, 2012.
Question & Answer !
Thanks!
Asma Islam Swapna
Twitter: @AsmaSwapna
Github: @AsmaSwapna
Tech site: www.asmaswapna.github.io
ResearchGate: Asma_Swapna2
LinkedIn: asma0swapna