Abstract
Offering a moderate level of security at a lower cost requires the usage of packet filtering as a tool to provide network security. Securing system effectively requires the network administrator to well configure the packet filter with a thorough understanding of its capabilities and defects. Relying on the administrator in configuring and operating the packet filtering system might generate various threats due to human-error propabilities, so it’s recommended that the system should be operated in an intelligent manner to automatically react to bad configurations such as duplications and contradictions, that decrease the proper matching time of the packet, with any of the predefined rules. Through out this paper, we propose an intelligent packet filtering technique. The proposed method enhances the performance in measures of individual packet filtering time. The method also includes a preprocessing algorithm for the rule organizing and removing of redundant rules. The proposed method gives the capability of auto-generation of rules for packets that do not match with any rule by the use of a rule-based expert system that uses the previously defined rules in deducing new rules. This paper describes traditional packet filtering and the rule-based Expert system. Ultimately, the paper evaluates the performance of this technique based on results of a simulation.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35586-3_46
Chapter PDF
Similar content being viewed by others
Refrences
S. M. Bellovin, 1989, Security Problems in the TCP/IP Protocol Suite.
D. Brent Chapman, 1992, Network (In)Security through IP packet filtering.
Douglas E. Corner, 1991, Internetworking with TCP/IP.
George Droffner, 1997, Neural Networks Techniques.
Louis E.Frenzel.,1990, Crash course in Artificial Intelligence and expert systems.
Vasant Hanavar, Leonard Uhr, 1994, Artificial Intelligent and Neural Network steps toward principal Integration.
George Luger, William Subblefield, 1993, AI structures and strategies for complex problem solving.
J. Quon, 1998, Firewall complete reference.
H. White, 1989, Learning in Artificial Neural Network.
G. Zammler., 1998, Internet Security and Firewalls.
Jacek M.Zurada, 1995, Introduction to artificial neural systems.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Hashem, M., Mohamed, A., Wahib, M. (2002). Intelligent IP Packet Filtering. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds) Security in the Information Society. IFIP Advances in Information and Communication Technology, vol 86. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35586-3_41
Download citation
DOI: https://doi.org/10.1007/978-0-387-35586-3_41
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1026-7
Online ISBN: 978-0-387-35586-3
eBook Packages: Springer Book Archive