Dynamic traffic awareness statistical model for firewall performance enhancement

• Enhanced filtering mechanism for firewalls with four optimization levels is proposed.
• Rule and rule-fields reordering process allow early packet acceptance and rejection.
• Chi-square test is performed to check if the reordering process is required.
• The optimum window size guarantees minimum packet filtering time.
• The proposed mechanism provides better filtering time compared to related works.

Firewall is considered to be one of the most important security components in today's IP network architectures. Firewall performance has a significant impact on the overall network performance. In this paper, we propose a mechanism to improve firewall performance, using network traffic behavior and packet filtering statistics. Upon certain threshold qualification (Chi-square test), the proposed mechanism allows optimizing the filtering rules order and their corresponding fields order according to the divergence of the traffic behavior. That is, if the firewall system is stable, then the same current filtering rules and/or rule-fields orders are used for filtering the next network traffic window. Otherwise, an update of the filtering rules and/or rule-fields orders is required for filtering the next network traffic window. The numerical results obtained by simulation demonstrate that the proposed mechanism allow to improve significantly the firewall performance in terms of cumulative packet processing time even for small security policies. This improvement is a result of the minimization of the overhead corresponding to the frequency of updating the rule/field structures, as well as of using the optimum traffic window size.