An Adaptive Firewall Simulation Model Integrating Packet Filtering, Rule-Based Algorithms, and AI-Driven Anomaly Detection
Abstract
The increasing sophistication and volume of cyber threats have highlighted the limitations of traditional packet-filtering firewalls, which rely on static rules and lack the adaptability to detect evolving, application-layer attacks. This study introduces an adaptive firewall simulation framework that integrates dynamic rule-based filtering, deep packet inspection (DPI), and AI-driven anomaly detection to improve real-time threat mitigation. The system utilizes hash tables for constant-time static rule lookups and decision trees for scalable dynamic rule evaluation. A hybrid anomaly detection model—comprising a decision tree and lightweight neural network—analyzes behavioral features such as packet inter-arrival time and entropy, enabling proactive rule adaptation through a multivariate statistical scoring mechanism. Experimental results demonstrate that the proposed system significantly outperforms traditional firewalls, achieving a packet processing speed of 31,000 pps (vs. 18,000 pps), reducing latency from 18.5 ms to 9.2 ms, and improving threat detection accuracy from 82.3% to 96.1%. Additionally, the false positive rate decreased from 7.8% to 2.3%, with reductions in CPU and memory usage by 7% and 9%, respectively. These findings confirm the system’s capability to deliver high accuracy, low latency, and resource efficiency, making it well-suited for deployment in modern, high-speed enterprise networks.
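The sketch below illustrates two of the mechanisms the abstract names: a hash-table lookup for static rules, and a statistical score over packet inter-arrival time and payload entropy. It is an added example, not code from the paper. The rule key (protocol, destination port), the diagonal-covariance z-score formula, the 3.0 threshold, the default-deny fallback and all sample values are assumptions made for illustration, and the decision-tree and neural-network stages are left out.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Static rules in a dict: average O(1) lookup. Constructed sample rules.
STATIC_RULES = {("tcp", 23): "deny", ("tcp", 443): "allow", ("udp", 53): "allow"}

# Constructed benign feature vectors: (inter-arrival seconds, entropy bits/byte).
BENIGN = [(0.10, 4.1), (0.12, 4.3), (0.09, 4.0), (0.11, 4.2)]

def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy of the payload in bits per byte (0.0 for empty input)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def features(prev_ts: float, ts: float, payload: bytes) -> tuple:
    """Behavioral feature vector for one packet of a flow."""
    return (ts - prev_ts, shannon_entropy(payload))

def fit_baseline(vectors):
    """Per-feature (mean, std) learned from benign traffic; std is never zero."""
    return [(mean(col), pstdev(col) or 1e-9) for col in zip(*vectors)]

def anomaly_score(vec, baseline) -> float:
    """Assumed scoring: root of summed squared z-scores across features."""
    return math.sqrt(sum(((x - m) / s) ** 2 for x, (m, s) in zip(vec, baseline)))

def decide(proto, dport, vec, baseline, threshold=3.0) -> str:
    """Static deny wins; otherwise the anomaly score can override an allow."""
    verdict = STATIC_RULES.get((proto, dport))
    if verdict == "deny":
        return "deny"
    if anomaly_score(vec, baseline) > threshold:
        return "deny-anomalous"
    return verdict or "default-deny"  # unmatched traffic is dropped (assumption)

BASELINE = fit_baseline(BENIGN)

if __name__ == "__main__":
    # Constructed packets: normal HTTPS, then a rapid high-entropy burst.
    print(decide("tcp", 443, (0.10, 4.2), BASELINE))
    print(decide("tcp", 443, (0.001, 7.9), BASELINE))
```

The second packet is rejected even though the static rule allows port 443, which is the case a static packet filter alone would miss.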

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
IJCERT Policy:
The published work presented in this paper is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. This means that the content of this paper can be shared, copied, and redistributed in any medium or format, as long as the original author is properly attributed. Additionally, any derivative works based on this paper must also be licensed under the same terms. This licensing agreement allows for broad dissemination and use of the work while maintaining the author's rights and recognition.
By submitting this paper to IJCERT, the author(s) agree to these licensing terms and confirm that the work is original and does not infringe on any third-party copyright or intellectual property rights.