A study on application layer classification for firewalls using regular expression matching

Jonathan A.P. Marpaung; M. Agni Catur Bhakti; Setiadi Yazid

doi:10.1109/ACSAT.2013.88

A study on application layer classification for firewalls using regular expression matching

Jonathan A.P. Marpaung, M. Agni Catur Bhakti, Setiadi Yazid

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.

Original language	English
Title of host publication	Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013
Publisher	IEEE Computer Society
Pages	417-422
Number of pages	6
ISBN (Print)	9781479927586
DOIs	https://doi.org/10.1109/ACSAT.2013.88
Publication status	Published - 1 Jan 2014
Event	2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013 - Kuching, Sarawak, Malaysia Duration: 23 Dec 2013 → 24 Dec 2013

Publication series

Name	Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013

Conference

Conference	2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013
Country/Territory	Malaysia
City	Kuching, Sarawak
Period	23/12/13 → 24/12/13

Keywords

Application Layer Classification
Firewall
L7-filter
Netfilter/Iptables
Real Time Messaging Protocol

Access to Document

10.1109/ACSAT.2013.88

Cite this

Marpaung, J. A. P., Bhakti, M. A. C., & Yazid, S. (2014). A study on application layer classification for firewalls using regular expression matching. In Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013 (pp. 417-422). Article 6836617 (Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013). IEEE Computer Society. https://doi.org/10.1109/ACSAT.2013.88

Marpaung, Jonathan A.P. ; Bhakti, M. Agni Catur ; Yazid, Setiadi. / A study on application layer classification for firewalls using regular expression matching. Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013. IEEE Computer Society, 2014. pp. 417-422 (Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013).

@inproceedings{0ab9b6eb79af4adf804be3e6ed7fc03c,

title = "A study on application layer classification for firewalls using regular expression matching",

abstract = "Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.",

keywords = "Application Layer Classification, Firewall, L7-filter, Netfilter/Iptables, Real Time Messaging Protocol",

author = "Marpaung, {Jonathan A.P.} and Bhakti, {M. Agni Catur} and Setiadi Yazid",

year = "2014",

month = jan,

day = "1",

doi = "10.1109/ACSAT.2013.88",

language = "English",

isbn = "9781479927586",

series = "Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013",

publisher = "IEEE Computer Society",

pages = "417--422",

booktitle = "Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013",

address = "United States",

note = "2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013 ; Conference date: 23-12-2013 Through 24-12-2013",

}

Marpaung, JAP, Bhakti, MAC & Yazid, S 2014, A study on application layer classification for firewalls using regular expression matching. in Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013., 6836617, Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013, IEEE Computer Society, pp. 417-422, 2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013, Kuching, Sarawak, Malaysia, 23/12/13. https://doi.org/10.1109/ACSAT.2013.88

A study on application layer classification for firewalls using regular expression matching. / Marpaung, Jonathan A.P.; Bhakti, M. Agni Catur; Yazid, Setiadi.
Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013. IEEE Computer Society, 2014. p. 417-422 6836617 (Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A study on application layer classification for firewalls using regular expression matching

AU - Marpaung, Jonathan A.P.

AU - Bhakti, M. Agni Catur

AU - Yazid, Setiadi

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.

AB - Traditional network level firewalls, based on port and IP addresses, are inadequate for dealing with the development of applications and protocols that do not follow the conventions of port services established by IANA (Internet Assigned Numbers Authority). Therefore firewalls capable of accurately classifying and filtering connections based on application information are needed. This paper studies one such firewall using Netfilter/Iptables with the L7-filter packet classifier to perform application layer filtering. This packet classifier uses regular expressions to match applications with a protocol definition database. We analyze a video streaming protocol, the Adobe Real Time Messaging Protocol (RTMP), to produce a protocol definition. Analysis of the performance of the protocol definition and L7-filter usage in general in a simulated network environment shows that this implementation functions well and does not disrupt network performance.

KW - Application Layer Classification

KW - Firewall

KW - L7-filter

KW - Netfilter/Iptables

KW - Real Time Messaging Protocol

UR - http://www.scopus.com/inward/record.url?scp=84904162349&partnerID=8YFLogxK

U2 - 10.1109/ACSAT.2013.88

DO - 10.1109/ACSAT.2013.88

M3 - Conference contribution

SN - 9781479927586

T3 - Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013

SP - 417

EP - 422

BT - Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013

PB - IEEE Computer Society

T2 - 2nd International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013

Y2 - 23 December 2013 through 24 December 2013

ER -

Marpaung JAP, Bhakti MAC, Yazid S. A study on application layer classification for firewalls using regular expression matching. In Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013. IEEE Computer Society. 2014. p. 417-422. 6836617. (Proceedings - 2013 International Conference on Advanced Computer Science Applications and Technologies, ACSAT 2013). doi: 10.1109/ACSAT.2013.88

A study on application layer classification for firewalls using regular expression matching

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this