Title :
Queuing Analysis of Network Firewalls
Author_Institution :
Dept. of Comput. Eng., Khalifa Univ. of Sci. Technol. & Res. (KUSTAR), Sharjah, United Arab Emirates
Abstract :
Network firewalls act as the first line of defense against unwanted and malicious traffic targeting private networks connected to the Internet. Predicting the overall firewall performance, especially under attack, becomes crucial to network security engineers and designers in assessing how effective and tolerable a network firewall is, and thereby in sustaining the availability of network services. In this paper, we present an analytical queueing model based on the embedded Markov chain to study and analyze the performance of rule-based firewalls when subjected to normal and DoS attacks. We derive equations for key features and performance measures of engineering and design significance. In addition, we validate our analytical model against real experimental measurements.
Keywords :
Internet; Markov processes; computer network security; queueing theory; DoS attack; Internet; analytical queueing model; embedded Markov chain; firewall performance; malicious traffic; network firewall; network security; network service; normal attack; private network; queuing analysis; rule-based firewall; Analytical models; Computer crime; Delay; Fires; Linux; Mathematical model;
Conference_Title :
Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-5636-9
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2010.5684053