Abstract

Firewalls are located at the front line of the network against outside threats. Performance modeling and analysis of network firewalls help to better understand their behavior and characteristics. Having an analytical model in hand helps firewall designers avoid developing multiple design alternatives and thus considerably reduces design costs. Moreover, network administrators can proactively identify the performance bottlenecks of the network and fix them before any malicious attack that targets the network or the firewall itself. In this paper, we propose a novel analytical approach for performance modeling and analysis of network firewalls based on a discrete-time queuing system that takes the bursty nature of the incoming traffic into account, whereas traditional queuing models such as the $M/M/1$ model fail to capture the peculiar characteristics of Internet traffic. Throughput, packet loss, delay, and firewall CPU utilization are employed as performance evaluation indicators in our proposed model. In addition, we introduce a potential DoS attack with a very low rate which can be launched against firewalls with different burstiness factors.
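To make the abstract's point about burstiness concrete for capacity planning, the following added example (not the paper's model or code) simulates a discrete-time, finite-buffer queue and reports the four indicators named above. It assumes a two-state on/off source, a per-slot service probability `mu`, and constructed parameter values; the mean offered rate is held fixed while only the mean burst length changes.

```python
import random

def simulate(mean_burst, p_on=0.3, mu=0.5, K=10, slots=200_000, seed=1):
    """Discrete-time finite-buffer queue fed by an on/off (bursty) source.

    All parameters are constructed for illustration: the source emits one
    packet per slot while ON, the firewall finishes the head-of-line packet
    in a slot with probability mu, and the buffer holds K packets.
    """
    rng = random.Random(seed)
    a = 1.0 / mean_burst           # P(ON -> OFF); mean burst length is 1/a slots
    b = a * p_on / (1.0 - p_on)    # P(OFF -> ON); keeps the long-run ON share at p_on
    on = False
    q = arrived = dropped = served = busy = qsum = 0
    for _ in range(slots):
        on = (rng.random() >= a) if on else (rng.random() < b)
        if on:                     # arrival phase
            arrived += 1
            if q < K:
                q += 1
            else:
                dropped += 1       # buffer full: packet lost
        if q:                      # service phase
            busy += 1
            if rng.random() < mu:
                q -= 1
                served += 1
        qsum += q                  # queue length at the end of the slot
    return {
        "offered": arrived / slots,            # packets per slot
        "throughput": served / slots,          # packets per slot
        "loss": dropped / max(arrived, 1),     # fraction of arrivals dropped
        "delay": qsum / max(served, 1),        # approx. mean slots queued (Little's law)
        "utilization": busy / slots,           # fraction of slots the CPU is busy
    }

if __name__ == "__main__":
    # mean_burst = 1/(1 - p_on) makes arrivals independent per slot (no burstiness).
    for burst in (1 / 0.7, 5, 20, 50):
        r = simulate(burst)
        print(f"burst={burst:5.1f}  " + "  ".join(f"{k}={v:.3f}" for k, v in r.items()))
```

At the same mean offered rate, longer bursts fill the buffer and raise loss and delay, which a memoryless arrival model with that rate would not predict.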

Highlights

  • Firewalls typically are deployed at the entry point of the network and defend against malicious threats and hostile attacks

  • We present an analytical model for performance modeling and analysis of network firewalls which considers the bursty nature of traffic flows, especially under DoS attacks

  • In this paper, we propose a novel analytical approach for performance modeling and analysis of rule-based firewalls based on a discrete-time queuing system


Summary

INTRODUCTION

Firewalls are typically deployed at the entry point of the network and defend against malicious threats and hostile attacks. Firewall performance is an important factor in enforcing network security, especially when the network is under attack. These attacks are generally distributed denial of service (DDoS) attacks. If the firewalls are not designed well enough to withstand these attacks, they may jeopardize the overall security of the network in which they are deployed. We develop a mathematical performance model for a network firewall using a discrete-time queuing system.

RELATED WORKS
QUEUING MODEL
MODEL ANALYSIS AND SOLUTION
KEY PERFORMANCE MEASURES
MULTIPLE FLOWS
INFINITE BUFFER CAPACITY
LIMITATIONS
NUMERICAL RESULTS AND COMPARISON
MEAN ARRIVAL RATE I
CONCLUSION