
By: Pritam K. Kathar, Rahul B. Kavale, Ajit M. Kshirsagar, Prashant P. Mundhe, Bhushan G. Nadekar (roll nos. 55, 56, 57, 59, 60)

Guided by: Prof. Dr. P. J. Kulkarni

Contents
- What is a Firewall?
- Why Efficient Matching?
- Approach
- GEM Data Structure
- Algorithm
- Search Algorithm
- Working
- Advantages
- Disadvantages
- References
- Conclusion

What is a Firewall?
A firewall is a device or set of devices designed to permit or deny network transmissions based on a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Every packet is checked against the rule set, and that check involves matching on several header fields at once.

Why Efficient Matching?
Network traffic is increasing tremendously. Linear packet filtering (scanning the rule list from the top for every packet) takes too much time to filter this volume of traffic; a firewall should be able to sustain a very high throughput or it risks becoming a bottleneck. An efficient matching algorithm filters more packets per second, e.g. 30,000 packets per second with 10,000 rules.

Approach
Each packet is considered to be made up of 5 fields:
1. Protocol
2. Source IP address
3. Destination IP address
4. Source port number
5. Destination port number

A GEM data structure is built from the rule base. A packet is checked against these 5 fields and the winning rule (the first rule that matches) is found. The packet is then handled according to the winning rule alone, instead of being compared with every rule in the list.

GEM Data Structure
(figure slide: the diagram of the GEM search data structure is not present in the extracted text)

Algorithm
The firewall packet matching problem is to find the first rule that matches a given packet on one or more fields of its header. Every rule consists of a set of ranges $[l_i, r_i]$ for $i = 1, \dots, d$, where each range corresponds to the $i$-th field of the packet header. The field values satisfy $0 \le l_i \le r_i \le U_i$, where $U_i = 2^{32} - 1$ for IP addresses, $U_i = 65535$ for port numbers, and $U_i = 255$ for ICMP message type or code.

Search Algorithm:
The packet header contains the protocol number, the source and destination addresses, and the source and destination port numbers.
1. Check the protocol field and index the protocol array of the search data structure to select the corresponding protocol database header.
2. From there, traverse the data structure level by level, using the corresponding packet field value at every level.
3. At each level, find the simple range that contains the field value (the simple ranges of a level are disjoint, so this is a binary search) and continue to the next level.
4. The last level gives the winning rule.
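The following Python is an added example, not the deck's VC++ implementation and not the code of the GEM authors. It builds the structure described under Algorithm and Search Algorithm for a small constructed rule base (projection of the candidate rules onto one field per level, cut into disjoint simple ranges, with the first-matching rule stored at the last level) and searches it with a binary search per level; a naive linear first-match scan is included as the reference the simulation compares against. The rule base, the packets, the five-tuple field order, and the choice to copy protocol-"any" rules into every per-protocol database are assumptions made for illustration.

```python
"""Added example: a minimal GEM (Geometric Efficient Matching) build and search.
The rule base and packets are constructed for illustration; they are not the
rule sets used in the deck's simulation."""
from bisect import bisect_right
from ipaddress import ip_address, ip_network

U_IP = 2**32 - 1          # U_i for IP address fields
U_PORT = 65535            # U_i for port fields
ANY_IP = (0, U_IP)
ANY_PORT = (0, U_PORT)
FIELDS = (1, 2, 3, 4)     # src IP, dst IP, src port, dst port (protocol is handled separately)

def cidr(net):
    """CIDR block -> inclusive [lo, hi] range of integer addresses."""
    n = ip_network(net)
    return int(n.network_address), int(n.broadcast_address)

# Constructed rule base in priority order (first match wins).
# Layout: (protocol or None for any, src_ip, dst_ip, src_port, dst_port, action)
RULES = [
    (6,    cidr("192.168.1.0/24"), cidr("10.0.0.0/24"),  ANY_PORT, (22, 22),  "allow"),
    (6,    ANY_IP,                 cidr("10.0.0.0/24"),  ANY_PORT, (22, 22),  "deny"),
    (6,    ANY_IP,                 cidr("10.0.0.5/32"),  ANY_PORT, (80, 443), "allow"),
    (17,   ANY_IP,                 cidr("10.0.0.53/32"), ANY_PORT, (53, 53),  "allow"),
    (None, ANY_IP,                 ANY_IP,               ANY_PORT, ANY_PORT,  "deny"),
]

def build_level(rules, rule_ids, field):
    """One GEM level: project the candidate rules onto `field`, cut the axis at
    every interval endpoint into disjoint simple ranges, and attach to each
    simple range either the next level or, at the last field, the winning rule."""
    points = sorted({p for r in rule_ids for p in (rules[r][field][0], rules[r][field][1] + 1)})
    los, his, kids = [], [], []
    for lo, nxt in zip(points, points[1:]):
        hi = nxt - 1
        covering = [r for r in rule_ids if rules[r][field][0] <= lo and hi <= rules[r][field][1]]
        if not covering:
            continue  # gap no rule covers: a packet landing here has no match
        los.append(lo)
        his.append(hi)
        # rule_ids stays in priority order, so covering[0] is the first match
        kids.append(covering[0] if field == FIELDS[-1] else build_level(rules, covering, field + 1))
    return los, his, kids

def build_gem(rules):
    """Protocol array: one database per protocol value. Rules with protocol
    'any' (None) are copied into every database and also form the catch-all
    database used for protocols that no rule names explicitly (assumption)."""
    db = {}
    for proto in {r[0] for r in rules}:
        ids = [i for i, r in enumerate(rules) if r[0] in (proto, None)]
        db[proto] = build_level(rules, ids, FIELDS[0])
    return db

def gem_match(db, packet):
    """Search: select the protocol database, then binary-search each level with
    the corresponding header value. Returns the winning rule index, or None if
    some field value falls in a gap no rule covers."""
    proto, *values = packet
    level = db.get(proto, db.get(None))
    if level is None:
        return None
    for v in values:
        los, his, kids = level
        i = bisect_right(los, v) - 1          # last simple range with lo <= v
        if i < 0 or his[i] < v:
            return None
        level = kids[i]
    return level  # after the last field the child is the rule index

def linear_match(rules, packet):
    """Naive first-match scan, the baseline the deck's simulation compares against."""
    proto, *values = packet
    for i, r in enumerate(rules):
        if r[0] in (proto, None) and all(lo <= v <= hi for v, (lo, hi) in zip(values, r[1:5])):
            return i
    return None

def pkt(proto, src, dst, sport, dport):
    """Build the 5-field packet tuple from dotted-quad addresses."""
    return (proto, int(ip_address(src)), int(ip_address(dst)), sport, dport)

# Constructed test packets (protocol, src, dst, sport, dport).
PACKETS = [
    pkt(6,  "192.168.1.10", "10.0.0.5",  40000, 22),   # admin SSH    -> rule 0 allow
    pkt(6,  "8.8.8.8",      "10.0.0.5",  40000, 22),   # outside SSH  -> rule 1 deny
    pkt(6,  "8.8.8.8",      "10.0.0.5",  40000, 443),  # HTTPS        -> rule 2 allow
    pkt(17, "8.8.8.8",      "10.0.0.53", 5000,  53),   # DNS          -> rule 3 allow
    pkt(17, "8.8.8.8",      "10.0.0.53", 5000,  54),   # wrong port   -> rule 4 deny
    pkt(1,  "8.8.8.8",      "10.0.0.5",  0,     0),    # ICMP, no db  -> rule 4 deny
]

def decisions(rules, packets):
    """Match every packet both ways; returns (gem_results, linear_results)."""
    db = build_gem(rules)
    return [gem_match(db, p) for p in packets], [linear_match(rules, p) for p in packets]

if __name__ == "__main__":
    gem, lin = decisions(RULES, PACKETS)
    for p, g, l in zip(PACKETS, gem, lin):
        print(p, "gem:", g, RULES[g][5], "linear:", l)
```

The search touches one simple range per level, so its cost is a binary search over each level rather than a scan of all rules; the cost is moved into `build_level`, which re-projects the covering rules for every simple range and is the source of the high space and build overhead noted under Disadvantages. Dropping the final catch-all rule (`RULES[:4]`) shows the no-match path: a TCP packet to port 8080 reaches a gap at the destination-port level and `gem_match` returns None.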

Working

System Requirements
Software requirements:
- Operating system: Windows Vista, Windows 7
- Development platform for GEM: Visual Studio 2010
- Development platform for GUI: NetBeans IDE
- Development language for GEM: VC++
- Development language for GUI: Java

Minimum hardware requirements:
- System: Pentium IV 2.4 GHz
- Hard disk: 40 GB
- RAM: 512 MB

Simulation Study
For the simulation and performance analysis we implemented GEM and tested it in isolation. The GEM build and search were implemented in Visual C++ using Microsoft Visual Studio 2010. The simulations were run on a 2.13 GHz Intel Pentium P6200 PC with 2 GB DDR3 RAM and a 500 GB hard disk, running Windows 7 Ultimate (32-bit). We simulated two types of firewall: 1) linear and 2) GEM; the GEM firewall was further classified as stateful and stateless. For the comparison we selected random rules, recorded the matching times for the rules, and from those computed the average time for linear matching, stateful GEM and stateless GEM. The graphs were drawn from the recorded data.

Simulation Statistics (comparing the build time)

Average time to build the GEM data structure, as reported on the slide:

No. of rules    Avg. build time (microseconds)
100             0.5084
350             0.5546
700             0.6387
1400            0.6656
2500            0.6807

The 25 individual run times (microseconds), presumably five per rule-base size, in the order they appear in the extracted slide (their assignment to rows did not survive extraction): 0.4739, 0.4801, 0.5363, 0.5236, 0.5420, 0.5248, 0.5132, 0.5930, 0.6419, 0.5003, 0.5393, 0.6548, 0.6640, 0.7643, 0.5711, 0.6319, 0.7637, 0.6144, 0.6537, 0.6641, 0.6532, 0.6339, 0.6649, 0.6369, 0.6845

Comparing Execution Time

Matching time in seconds: three runs per rule-base size, followed by the average as reported on the slide (some reported averages differ slightly from the mean of the three listed runs; the values are reproduced as given).

No. of rules: 500
  Linear matching:   0.004750  0.003350  0.002780   Avg. 0.003627
  Stateful GEM:      0.001815  0.001395  0.001070   Avg. 0.001232
  Stateless GEM:     0.007430  0.007900  0.007320   Avg. 0.007550

No. of rules: 1000
  Linear matching:   0.006615  0.007500  0.007845   Avg. 0.007781
  Stateful GEM:      0.000950  0.000900  0.000900   Avg. 0.000900
  Stateless GEM:     0.020700  0.01473   0.01445    Avg. 0.01732

No. of rules: 2500
  Linear matching:   0.01796   0.01354   0.01680    Avg. 0.01610
  Stateful GEM:      0.001540  0.001515  0.001380   Avg. 0.001448
  Stateless GEM:     0.2452    0.2367    0.2383     Avg. 0.240660

No. of rules: 5000
  Linear matching:   0.02832   0.02796   0.02707    Avg. 0.02754
  Stateful GEM:      0.000905  0.000890  0.000895   Avg. 0.000893
  Stateless GEM:     0.52152   0.52748   0.52634    Avg. 0.52514

Advantages:
- GEM's matching speed is far better than naive linear search, which increases the firewall's throughput.
- GEM can filter over 30,000 packets per second on a standard PC, even with 10,000 rules [1].
- On rule bases generated according to realistic statistics, GEM's space complexity is well within the capabilities of modern hardware.

Disadvantages:
- Space complexity is high: the worst case is $O(n^4)$ for a rule base with $n$ rules, because each of the four levels after the protocol array can be cut into $O(n)$ simple ranges, each carrying its own sub-structure.
- Building the GEM data structure requires computational overhead, and the structure has to be rebuilt whenever the rule base changes.

References
[1] Dmitry Rovniagin and Avishai Wool, "The Geometric Efficient Matching Algorithm for Firewalls," IEEE Transactions on Dependable and Secure Computing, Vol. 8, No. 1, Jan-Feb 2011.
[2] Andronescu Alexandra, "LIBFW: Generic Firewall Library for Multiple Operating Systems."
[3] Alex X. Liu and Mohamed G. Gouda, "Firewall Policy Queries," IEEE Transactions on Parallel and Distributed Systems, Vol. 20, No. X, Xxx 2009.
[4] Alex X. Liu, Eric Torng and Chad R. Meiners, "Firewall Compressor: An Algorithm for Minimizing Firewall Policies," Department of Computer Science and Engineering, Michigan State University, East Lansing, MI 48824, U.S.A.

Conclusion
GEM's matching speed is far better than naive linear search. On realistic rule bases GEM's space complexity is well within the capabilities of modern hardware. The GEM algorithm achieves logarithmic matching time, since each level of the data structure is searched by binary search over its simple ranges.

Thank You ..
