
Modeling and Analysis of Information Systems


Development and Study of Algorithms for the Formation of Rules for Network Security Nodes in the Multi-Cloud Platform

https://doi.org/10.18255/1818-1015-2019-1-90-100

Abstract

This study reviews existing solutions for securing the network perimeter of a multi-cloud platform. It establishes that the most acute problem is the effective formation of firewall rules: existing approaches do not allow the rule list on nodes that control network access to be optimized. The aim of the study is to increase the effectiveness of firewall tools through conflict-free optimization of security rules and the use of a neural network approach in software-defined networks. The proposed solution combines intelligent mathematical approaches with modern network function virtualization technologies. The experimental studies included a comparative analysis of traditional rule formation, the neural network approach, and the genetic algorithm. The multilayer perceptron neural network classifier is recommended for automatic construction of network security rules, since it gives the best results in terms of performance. The Kohonen network is recommended for reducing the size of the firewall security rule list, as this tool shows the best performance. A conflict-free optimization algorithm was introduced into the designed architecture. It performs finite optimization by ranking and deriving the most common exceptions from large restrictive rules, which increases protection against attacks aimed at identifying security rules at the bottom of the firewall list. On the basis of the proposed solution, an adaptive firewall module was implemented as part of the research.

About the Authors

Denis I. Parfenov
Orenburg State University
Russian Federation

PhD

13 Pobedy pr., Orenburg 460018



Irina P. Bolodurina
Orenburg State University
Russian Federation

PhD

13 Pobedy pr., Orenburg 460018



Vadim A. Torchin
Orenburg State University
Russian Federation

graduate student

13 Pobedy pr., Orenburg 460018






For citations:


Parfenov D.I., Bolodurina I.P., Torchin V.A. Development and Study of Algorithms for the Formation of Rules for Network Security Nodes in the Multi-Cloud Platform. Modeling and Analysis of Information Systems. 2019;26(1):90-100. (In Russ.) https://doi.org/10.18255/1818-1015-2019-1-90-100



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1818-1015 (Print)
ISSN 2313-5417 (Online)