Shadowed and Redundant Rules Removal in the Cloud Firewall Policy: A Modified Tree Rule Firewall Approach
DOI:
https://doi.org/10.22232/stj.2024.12.02.16
Keywords:
Security, Tree rules, Firewall, redundant, Shadowed rule
Abstract
Firewalls are essential for security and are used to secure the majority of private networks. A firewall's goal is to examine all incoming and outgoing data before granting permission. One common type of conventional firewall is the rule-based firewall. However, traditional listed-rule firewalls are limited in performance, and they do not operate well on networks with extremely large firewall rule sets. This study proposes a model firewall architecture called "Tree-Rule Firewall," which has benefits and functions well on large-scale networks such as the cloud. To improve cloud network security, this study suggests an improved tree firewall that eliminates shadowed and redundant rules. First, a tree rule is created. The proposed modified Tree-Rule firewall effectively locates shadowed rules while avoiding the creation of redundant rules. Next, a cloud-based test was conducted on the modified Tree-Rule firewall that controls firewall rules. The test demonstrates that the modified Tree-Rule firewall offers increased network security and quicker processing. Large networks, such as cloud networks, are easier to build using a modified Tree-Rule firewall because it effectively eliminates shadowed and redundant rules.
License
Copyright (c) 2025 Dhwani Hakani, Palvinder Singh Mann

This work is licensed under a Creative Commons Attribution 4.0 International License.
© The Author(s) 2025. Published by the Science & Technology Journal (STJ), Mizoram University.
Articles published in this journal are open access and distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0).
This license permits unrestricted use, distribution, and reproduction in any medium, provided the original author(s) and source are properly credited.
Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under the CC BY 4.0 license.