An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness

Chenghong Wang; Donghong Zhang; Hualin Lu; Jing Zhao; Zhenyu Zhang; Zheng Zheng

doi:10.1109/ISIAS.2014.7064623

An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness

Chenghong Wang
, Donghong Zhang
, Hualin Lu
, Jing Zhao^*
, Zhenyu Zhang
, Zheng Zheng

^*Corresponding author for this work

School of Electronic and Information Engineering

Harbin Engineering University
CAS - Institute of Software

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.

Original language	English
Title of host publication	2014 10th International Conference on Information Assurance and Security, IAS 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	71-76
Number of pages	6
ISBN (Electronic)	9781479980994
DOIs	https://doi.org/10.1109/ISIAS.2014.7064623
State	Published - 19 Mar 2014
Event	2014 10th International Conference on Information Assurance and Security, IAS 2014 - Okinawa, Japan Duration: 28 Nov 2014 → 30 Nov 2014

Publication series

Name	2014 10th International Conference on Information Assurance and Security, IAS 2014

Conference

Conference	2014 10th International Conference on Information Assurance and Security, IAS 2014
Country/Territory	Japan
City	Okinawa
Period	28/11/14 → 30/11/14

Keywords

application firewall
hardware resources
network security
packet filtering firewall
performance bottleneck

Access to Document

10.1109/ISIAS.2014.7064623

Cite this

Wang, C., Zhang, D., Lu, H., Zhao, J., Zhang, Z., & Zheng, Z. (2014). An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness. In 2014 10th International Conference on Information Assurance and Security, IAS 2014 (pp. 71-76). Article 7064623 (2014 10th International Conference on Information Assurance and Security, IAS 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISIAS.2014.7064623

Wang, Chenghong ; Zhang, Donghong ; Lu, Hualin et al. / An experimental study on firewall performance : Dive into the bottleneck for firewall effectiveness. 2014 10th International Conference on Information Assurance and Security, IAS 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 71-76 (2014 10th International Conference on Information Assurance and Security, IAS 2014).

@inproceedings{6f098013ddab4f85b4e5955430880e2b,

title = "An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness",

abstract = "Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.",

keywords = "application firewall, hardware resources, network security, packet filtering firewall, performance bottleneck",

author = "Chenghong Wang and Donghong Zhang and Hualin Lu and Jing Zhao and Zhenyu Zhang and Zheng Zheng",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 10th International Conference on Information Assurance and Security, IAS 2014 ; Conference date: 28-11-2014 Through 30-11-2014",

year = "2014",

month = mar,

day = "19",

doi = "10.1109/ISIAS.2014.7064623",

language = "英语",

series = "2014 10th International Conference on Information Assurance and Security, IAS 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "71--76",

booktitle = "2014 10th International Conference on Information Assurance and Security, IAS 2014",

address = "美国",

}

Wang, C, Zhang, D, Lu, H, Zhao, J, Zhang, Z & Zheng, Z 2014, An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness. in 2014 10th International Conference on Information Assurance and Security, IAS 2014., 7064623, 2014 10th International Conference on Information Assurance and Security, IAS 2014, Institute of Electrical and Electronics Engineers Inc., pp. 71-76, 2014 10th International Conference on Information Assurance and Security, IAS 2014, Okinawa, Japan, 28/11/14. https://doi.org/10.1109/ISIAS.2014.7064623

An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness. / Wang, Chenghong; Zhang, Donghong; Lu, Hualin et al.
2014 10th International Conference on Information Assurance and Security, IAS 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 71-76 7064623 (2014 10th International Conference on Information Assurance and Security, IAS 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An experimental study on firewall performance

T2 - 2014 10th International Conference on Information Assurance and Security, IAS 2014

AU - Wang, Chenghong

AU - Zhang, Donghong

AU - Lu, Hualin

AU - Zhao, Jing

AU - Zhang, Zhenyu

AU - Zheng, Zheng

PY - 2014/3/19

Y1 - 2014/3/19

N2 - Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.

AB - Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.

KW - application firewall

KW - hardware resources

KW - network security

KW - packet filtering firewall

KW - performance bottleneck

UR - https://www.scopus.com/pages/publications/84983200546

U2 - 10.1109/ISIAS.2014.7064623

DO - 10.1109/ISIAS.2014.7064623

M3 - 会议稿件

AN - SCOPUS:84983200546

T3 - 2014 10th International Conference on Information Assurance and Security, IAS 2014

SP - 71

EP - 76

BT - 2014 10th International Conference on Information Assurance and Security, IAS 2014

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 28 November 2014 through 30 November 2014

ER -

Wang C, Zhang D, Lu H, Zhao J, Zhang Z, Zheng Z. An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness. In 2014 10th International Conference on Information Assurance and Security, IAS 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 71-76. 7064623. (2014 10th International Conference on Information Assurance and Security, IAS 2014). doi: 10.1109/ISIAS.2014.7064623

An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this