Multi-layered firewall to mitigate the impact of Distributed Denial of Service on a network

Document Type: Original Article

Authors

1 Computer Science Department, College of Science, University of Garmian, Kalar, Sulaymaniyah, Iraq

2 Network Department, Computer Sciences Institute, Sulaimani Polytechnic University, Sulaymaniyah, Iraq

Abstract

A firewall is one of the key components in securing an organization's network and computational assets against network- and application-based attacks. Most firewall solutions consider only one or two layers of the TCP/IP networking architecture when protecting against attacks, especially spoofing-based attacks. Some solutions have been proposed to protect against such attacks; however, they work in environments such as clouds or Software Defined Networks (SDN), and legacy networks cannot utilize such techniques. Therefore, designing a firewall that is scalable, strong, and easy to implement remains a challenge that a new firewall technique must meet. This paper presents a novel strategy for implementing a multi-layered firewall to overcome the limitations of current state-of-the-art firewalls. Our firewall combines a packet-filtering approach (i.e., Internet and Transport layer) with an application layer firewall under the umbrella of Stateful-Packet-Inspection. The experiments were performed in a controlled environment with, on average, 1% legitimate packets and 99% spoofed traffic. The Stateful-Packet-Inspection discards packets based on the traffic flow assigned to them by the firewall, while passively informing the network administrator about the system breach. The results of the experiments were benchmarked against previous works and showed an improvement in accuracy of 13.5% and in sensitivity of 13.75%, while decreasing the false negative rate by 86.5% with minimal computational and network overhead.

Volume 4, Special issue
This special issue is related to the 9th Scientific Conference of University of Garmian: Pure Sciences and Technology Applications (SCUG-PSTA-2022) October 26–27, 2022. (All the manuscripts have been peer-reviewed.)
November 2022
Pages 51-62