Performance modeling and analysis of network firewalls

Khaled Salah, Khalid Elbadawi, Raouf Boutaba

Research output: Contribution to journalArticlepeer-review

70 Scopus citations


Network firewalls act as the first line of defense against unwanted and malicious traffic targeting Internet servers. Predicting the overall firewall performance is crucial to network security engineers and designers in assessing the effectiveness and resiliency of network firewalls against DDoS (Distributed Denial of Service) attacks as those commonly launched by today's Botnets. In this paper, we present an analytical queueing model based on the embedded Markov chain to study and analyze the performance of rule-based firewalls when subjected to normal traffic flows as well as DoS attack flows targeting different rule positions. We derive equations for key features and performance measures of engineering and design significance. These features and measures include throughput, packet loss, packet delay, and firewall's CPU utilization. In addition, we verify and validate our analytical model using simulation and real experimental measurements.

Original languageBritish English
Article number6112159
Pages (from-to)12-21
Number of pages10
JournalIEEE Transactions on Network and Service Management
Issue number1
StatePublished - Mar 2012


  • Network firewalls
  • performance analysis
  • performance modeling
  • queueing systems


Dive into the research topics of 'Performance modeling and analysis of network firewalls'. Together they form a unique fingerprint.

Cite this