A study on application layer classification for firewalls using regular expression matching

Jonathan A.P. Marpaung, M. Agni Catur Bhakti, Setiadi Yazid

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.

Original languageEnglish
Title of host publicationProceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013
PublisherIEEE Computer Society
Pages417-422
Number of pages6
ISBN (Print)9781479927586
DOIs
Publication statusPublished - 1 Jan 2014
Event2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013 - Kuching, Sarawak, Malaysia
Duration: 23 Dec 201324 Dec 2013

Publication series

NameProceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013

Conference

Conference2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013
CountryMalaysia
CityKuching, Sarawak
Period23/12/1324/12/13

Keywords

  • Application Layer Classification
  • Firewall
  • L7-filter
  • Netfilter/Iptables
  • Real Time Messaging Protocol

Fingerprint Dive into the research topics of 'A study on application layer classification for firewalls using regular expression matching'. Together they form a unique fingerprint.

Cite this