Design and development of an intelligent security layer for web-based applications

Abstract

Methods to activate firewall mechanism have been introduced in this research. The purpose is to build stronger protection for the intranet from the threats of Internet. The foundation of the work is the threat reduction strategies that are derived from formalizing and identifying the interaction between internal users and external parties. Internet access model is developed to facilitate this task. Mechanism of active firewall are divided into two main process i.e. initialisation and runtime process. The former process deals with the mechanism to start up and bring the active firewall into a point of its operation. Three approaches are introduced, namely open condition, close condition and lattice-based method. The open condition and close condition set the firewall into its extreme condition i.e. to open all available communication line or to close all connection respectively, while the lattice-based method affords to bring firewall into its optimum level to protect the intranet by establishing Internet connection based on the predetermined security level. In the runtime process, three methods are introduced as well i.e. adaptively updating security policy using fuzzy reasoning, detecting suspicious process using distributed agent-based module, and zero-based approach to have minimal network services at runtime. Besides analysing each method using its own parameters such as processing time, accuracy and speed for organizing canals, global evaluations were also held to investigate the protection can be delivered to the intranet. In this evaluation, security analysis and comparative study is held, in which each initialisation and runtime process are combined and analysed using three parameters that are created based on RFC 2979 i.e. probability of available network services, probability of exposed line, and denial of services. Results of this study deliver the combination of lattice-based and agent-based module become the best method for activating firewall.