Predictive Modelling of Tree Rule Firewall for the Efficient Packet Filtering

Nagulavancha Suresh
Department of Information Technology
VNR Vignana Jyothi Institute of Engineering and Technology, Hyderabad, India
suresh852456@gmail.com

B. Mathura Bai
Assoc Professor, Department of Information Technology
VNR Vignana Jyothi Institute of Engineering and Technology, Hyderabad, India
mathurabai_b@vnrvjiet.in

Abstract— A firewall is the first security component in any network. Firewalls inspect both incoming and outgoing packets of the network and, based on the rules, decide to accept or drop each packet. Firewall rules are generally stored as a list; for each packet the firewall searches the rules and decides to allow or deny the packet. In list rule firewalls, each time a packet arrives the search for a matching rule starts from the first rule, so every lookup has to go through each rule and a number of attributes such as destination IP (Internet Protocol) address, source IP address and destination port. This degrades the performance of the firewall and in turn reduces network performance. List based firewalls can contain redundant rules and shadow rules. To improve the performance of list rule firewalls, we replace them with a tree rule firewall, where the firewall rules are ordered in a tree structure, and apply intelligence to the firewall to further improve its performance.

Keywords- Firewall; Network Performance; Tree Rule; Firewall Modelling; Network Security.

I. INTRODUCTION

Network performance [14] is the most important aspect of any network, and it depends on various parameters. The firewall [15][16][17] is the first gateway to any network and the major component of network security. Improving the performance of the firewall [9] will improve the performance of the network. A firewall is used in the network for security; it can be either software or hardware [16], and it monitors the traffic in the network.
Firewalls are mainly of three types [15]: network level firewalls, application level firewalls and proxies. Network layer firewalls [15], or packet filtering firewalls, filter packets based on their attributes and the rule list; they can be stateless or stateful. Stateless firewalls do not maintain the state of the connection between two hosts; they simply check the attributes and take the decision on the packet. Stateful firewalls maintain the state of each packet in a state table. Packets that do not follow the state information are discarded by the firewall. This is useful for protecting the network from flood attacks.

Application layer firewalls [15] act in the application layer and have information about the input, output and service. If the input and output act according to the policies defined by the firewall, they are allowed; if they act against the predefined policies, the firewall does not allow the particular process to run. For example, if the system call fork is not allowed and the input tries to perform an action that needs to execute the fork system call, that action is denied.

Proxy firewalls [15] act as a proxy between two communicating parties. Neither of the two communicating parties knows that the proxy firewall is between them. A proxy firewall prevents the network from acting directly. A proxy firewall has not only the packet header information, but also the entire packet. Another type is the host based firewall, which filters only the packets addressed to that particular host.

The firewall is the security [16][17] component for any network. It is designed to protect the network from malicious sources. It monitors each packet coming into the network or going out of the network.
Based on predefined rules, it checks for a match until a rule is matched, and it accepts or denies the packet based on the matched rule. Rules defined in the firewall are list based rules [1], so searching each and every rule for each packet delays the decision on the packet.

In general, firewall rules [1][13] are organized in a list structure. Rules are predetermined by the network administrator. Managing and ordering rules is a big task: if a rule needs to be added to the rule base, the administrator needs to set its position for it to work. Otherwise, the newly added rule becomes a shadow rule [1]. A shadow rule is a rule that is never matched by any packet, because the rules above it match before the packet reaches it. Rule ordering is therefore a big task whenever a new rule needs to be added. Redundant [1] rules are rules that are repeated. If the same rule is written more than once, comparing the same rule more than once is a waste of time.

II. RELATED WORK

Xiangjian He, Thawatchai Chomsiri, Priyadarsi Nanda and Zhiyuan Tan [1] proposed the tree rule firewall to increase cloud security. The proposed tree rule firewall is used to eliminate the limitations of the list rule firewall.

International Journal of Computer Science and Information Security (IJCSIS), Vol. 14, No. 10, October 2016 189 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
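
The list rule limitations described in the Introduction (linear first-match search, shadow rules and redundant rules) can be seen in a small audit script. This is an added example, not code from the paper; the Rule fields, the default-deny fallback and the sample rule base are constructed assumptions, and only coverage by a single earlier rule is detected.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    dport: Optional[int]  # destination port, None means any
    action: str           # "accept" or "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches rule b also matches rule a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (a.dport is None or a.dport == b.dport))

def first_match(rules, src, dst, dport):
    """List rule lookup from the top: returns (action, rules compared)."""
    for i, r in enumerate(rules, 1):
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action, i
    return "deny", len(rules)  # assumed default policy when nothing matches

def audit(rules):
    """Report rules that can never fire as (rule no., kind, covering rule no.)."""
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                # identical repeat = redundant; otherwise hidden by a broader rule
                kind = "redundant" if earlier == later else "shadowed"
                findings.append((j + 1, kind, i + 1))
                break
    return findings

# Constructed sample rule base (not taken from the paper)
RULES = [
    Rule("0.0.0.0/0", "192.168.1.0/24", 80, "accept"),
    Rule("10.0.0.0/8", "192.168.1.10/32", 80, "deny"),  # placed too low
    Rule("0.0.0.0/0", "192.168.1.0/24", 80, "accept"),  # repeat of rule 1
    Rule("0.0.0.0/0", "192.168.1.0/24", 22, "deny"),
]

if __name__ == "__main__":
    print(audit(RULES))
    print(first_match(RULES, "10.1.2.3", "192.168.1.10", 80))
    print(first_match(RULES, "10.1.2.3", "192.168.1.10", 22))
```

The deny rule in position 2 never takes effect because rule 1 accepts the same traffic first, and a packet to port 22 is only decided after all four rules have been compared.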