D-Fri-Winfirewall: Dynamic Fuzzy Rule Interpolation For Windows Firewall

Dynamic fuzzy rule interpolation (D-FRI) consists of functionalities of fuzzy rule interpolation and dynamically refinement of the fuzzy rule base. It can be integrated with any fuzzy intelligent system to extend the system's capabilities in addition to its normal fuzzy reasoning. Systems security is one of the areas that require dynamic monitoring due to the nature of possible threats; static rule-based systems cannot cover all reoriented security threats accurately in the long run. D-FRI provides a possible solution to such problems, potentially making various security tools (e.g., those for firewall, intrusion detection and traffic analysis) more effective. As a particular application, this paper exploits D-FRI to dynamically support Microsoft Windows Firewall, resulting in a robust system named D-FRI-WinFirewall. Given the general utility of Windows Firewall, the impact of this work is far-reaching. The work reported here focusses on the monitoring and prevention of denial of service (DoS) attacks, which is not possible by utilising the standard Windows Firewall alone. In particular, two sub-systems are designed, implemented and tested within D-FRI-WinFirewall, with an effort to detect and prevent two serious types of DoS attack: ICMP DoS attack and UDP DoS attack, leading the Windows Firewall to outperform popular and expensive firewalls, which are yet unable to handle DoS attacks.