An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets

S. No

Comments

Changes made in the revised manuscript

based on the comments

1

A well-structured and thoroughly supported paper will contribute significantly to the understanding of optimizing packet filtering in network security. We encourage you to revise your paper with these recommendations in mind.

Thanks for your positive feedback.

In the revised version, more subsections and one table were added to  make the revised paper well-structured

Page 3,  Subsection 1.1 “Contribution”

Page 7, Table 1: Summary of state of the art packet filtering firewall systems.

Page 7, Subsection 2.1 “Research Gap”

Furthermore, more sentences were added to clarify the contribution of the suggested model. These sentences were marked with a red line throughout the whole manuscript.

2

 You have included a substantial number of references, make sure that each cited source contributes to the understanding of your research problem, methods, and findings.

Ok, we have checked that all cited references were contributed in the suggested methodology. The main model steps were discussed with mentioned to the appropriate references.

3

Consider providing more context on the rationale behind your chosen research design. Explain why the selected methods are suitable for addressing the research problem and how they contribute to the advancement of knowledge in the field.

In the revised version, more sentences were added to provide more context on the rationale behind your chosen research design.

“It is important to highlight that FPNs and their versions (e.g., interval type-2 FPNs) are powerless to deal with complex applications due to the existence of indeterminate and inconsistent information and the limitations of the knowledge reasoning operators”. 

Page 3

“Moreover, when comparing the generalized net technique to the neutrosophic Petri net approach that was used, one drawback becomes apparent: the former struggles to effectively express various forms of uncertainty. The definition of the neutrosophic Petri net is characterized by its simplicity, as well as its straightforward algorithm for functioning. This feature facilitates the streamlined development of simulation models.

Page 4

“For fuzzy knowledge representation and reasoning, the SNPNs theory gives tools for dealing with imprecise and ambiguous of packets’ information. In fact, the SNPNs model's implementation enables the use of essential features like testing for correct-ness, circular rules, consistency, and completeness. To represent the experience knowledge of subject matter experts, SNPNs are distinguished by three independent degrees of truth-membership, indeterminacy-membership, and falsity-membership”.

Pages 7&8

“The suggested model uses SNPNs as a visual representation of neutrosophic log-ic-based firewall packet management. Theoretically, the computing capability of PNs, FPNs, and SNPNs is the same; nevertheless, SNPNs have much greater modelling power because of their superior structural facilities. For any PN object (transition, place, or arc), neutrosophic logic may be used to construct logical expressions and functions. Specifically, we use the truth-membership function, the indeterminacy-membership function, and the falsity-membership function to describe the uncertainty in a packet's movement, a concept borrowed from neutrosophic logic for model-ling PN transition objects”.

Page 8

“The suggested packet filtering model is resilient to network traffic attacks because it uses neutrosophic logic to deal with the uncertainty associated with system variables like packet risk level and packet acceptance/rejection rate. Expert opinions were linked to linguistic factors in the proposed model using a neutrosophic method. These linguistic variables reflect the expert opinions more precisely”.

Page 14

4

Focus on improving the clarity of the presentation of your results. Clearly label figures and tables and provide concise captions that explain the significance of each result. Use subheadings to organize your results section for easy navigation.

In the revised version, we focus on improving the clarity of the presentation of our results by using subheadings to organize the results section for easy navigation.

Three subheadings were added for each experiment that include the aim, findings, and justification.

Pages 14&15

5

Clearly link each conclusion to specific results or observations from your study to strengthen the validity of your claims.

In the revised version, more sentences were added to the conclusion section to strengthen the validity of our claims according to our results.

“The prototype implementation of our firewall system indicates that it is suitable for deployment in real-world networking. Together with previous successes in rule optimization, it demonstrates the promise of our research results in enhancing the efficacy of firewalls. The findings show that the proposed model successfully distinguishes between genuine and malicious packets. When it comes to filtering packet traffic under conditions of uncertainty, the results from neutrosophic logic-based filtering regularly outperform those of conventional filtering methods. Furthermore, after optimizing (reordering), the firewall filtering model cut the time it takes for data packets to get through the firewall by about a third. Response times become more important as the number of rules increases”.

Page 16

S. No

Comments

Changes made in the revised manuscript

based on the comments

1

Overall, your step-by-step approach helps readers grasp the core components of your model without delving into complex mathematics. The succinct descriptions make it accessible to a wider audience, promoting comprehension and engagement.

Thanks for your positive feedback.

2

  It could be useful to insert a table at the end of the state of art section to highlight the main contributions of the previous work and the main research gaps.

In the revised version, a new table was added at the end of the state of the art section to highlight the main contributions of the previous work from the perspective of their strengths and limitations.

 Table 1, Page 7

In the revised version, a new subsection 1.1 Contribution" was added to highlight the main contribution.

“In this research, we provide a novel packet filtering model for firewalls that makes use of the traffic behavior of incoming packets to evaluate the external risk and improve the firewall's packet filtering process. Using the SNPNs concept as a strategy to manage uncertainty and inconsistent states improves the firewall's efficiency and performance by allowing it to handle a wider range of packet types, which in turn improves the firewall's ability to detect and prevent malicious activity. This is the first attempt to use SNPNs in the formation of firewall rule sets that describe the operation of firewall technologies. The ability to theoretically describe, simulate, and analyzed firewall packet filtering systems is greatly facilitated by SNPNs”.

Pages 3&4

Furthermore, a new subsection 2.1, “research gap," was added to highlight the research gap and the contribution of the suggested model.

“We think there are many unexplored opportunities in the field of intelligence firewalls, despite the numerous different packet filtering approaches now in use. This study introduces a novel model for intelligent packet filtering, one that takes advantage of SNPN's capabilities to create a double-tiered filtering architecture. The first tier of packet filtering aims to increase filtering protection by identifying and blocking the attackers' packets using risk levels, while the second tier aims to boost filtering performance based on the rating of accept and reject packets. For fuzzy knowledge representation and reasoning, the SNPNs theory gives tools for dealing with imprecise and ambiguous of packets’ information. In fact, the SNPNs model's implementation enables the use of essential features like testing for correctness, circular rules, consistency, and completeness. To represent the experience knowledge of subject matter experts, SNPNs are distinguished by three independent degrees of truth-membership, indeterminacy-membership, and falsity-membership”.

Page 7&8

3

More details are required about the two major factors of implementing the firewall; classify the line speed and the ability to process packets in different ways (line 318-319).

In the revised version, more sentences were added to discuss in detail two major factors of implementing the firewall: classifying the line speed and the ability to process packets in different ways.

“What amount of throughput, maximum simultaneous connections, connections per second, and latency requirements must be met to prevent the firewall from being a bottleneck for network access, for both current and future traffic needs?"

“The information available to packet filtering router is limited. Packets have information about their host but they cannot tell about the user. So, generally no restrictions can be enforced on particular users. Restriction can be enforced on the users who could access the ports through high level protocols. These protocols ensure that no other user is accessing that port. But that kind of control can easily be subverted.

4

It could be useful to insert a simple example illustrates the Eq1.

OK, Ref. [28] contains an illustrative example that briefly show how to use SNPNs to build a simulation model for aluminum electrolysis. 

Furthermore, each step in the suggested model discusses the role of SNPNs in building a firewall packet filtering model.

5

The characteristic of ??? is described using three neutrosophic variables; Why not more or less, which optimizer/expert knowledge was used?

Our choice was based on the primary study described in Ref. [28], thus we use the exact same membership functions with the identical settings.

In future research, we will be able to see how changing the number of neutrosophic variables affects the overall effectiveness of the system.

6

The methodology section needs to be rewritten to explain clearly the main contributions of this work.  Many mathematical formulas with no explanation where it could be used at the proposed model.

In the revised version, a new subsection 1.1 Contribution" was added to highlight the main contribution.

Pages 3&4

Furthermore, new sentences were added in the methodology section that highlight the contribution of the work.

“The suggested model uses SNPNs as a visual representation of neutrosophic log-ic-based firewall packet management. Theoretically, the computing capability of PNs, FPNs, and SNPNs is the same; nevertheless, SNPNs have much greater modelling power because of their superior structural facilities. For any PN object (transition, place, or arc), neutrosophic logic may be used to construct logical expressions and functions. Specifically, we use the truth-membership function, the indeterminacy-membership function, and the falsity-membership function to describe the uncertainty in a packet's movement, a concept borrowed from neutrosophic logic for modelling PN transition objects”.

“To filter Internet traffic, neutrosophic logic has been used at two levels: first, to evaluate the potential threat posed by incoming packets from the Internet; and second, to reorganize the access control list (ACL) by assigning acceptance and rejection ratings to each packet. ACLs are often established by the network administrator, who determines the permissions granted to various users and network resources based on a predetermined set of rules designed to achieve a number of security goals.”

Page 8

“In conclusion, the proposed model can dynamically alter the order of rules to reflect their highest priority based on the acceptance and rejection rates of packets, as well as the ability to change the rules' activities in two distinct phases, depending on the risk level of the incoming traffic. The suggested packet filtering model is resilient to net-work traffic attacks because it uses neutrosophic logic to deal with the uncertainty associated with system variables like packet risk level and packet acceptance/rejection rate. Expert opinions were linked to linguistic factors in the proposed model using a neutrosophic method. These linguistic variables reflect the expert opinions more precisely”.

Page 14

7

Risk Level ?, how you determine the membership function for this consequent.

Our choice was based on the primary study described in Ref. [28], thus we use the exact same membership functions with the identical settings.

8

The testing procedure is not clear, how you evaluate this model, offline data or online data.

We evaluate this model offline by utilizing Network Simulator 11.3 software (http://fr.lagache.free.fr/netsim/exemple_filtrage.php?lang=en). In this case, after we execute the prototype version of our model to build the ACL with re-configured rules, these rules are used within the simulator to filter the network packets.

9

The procedure of extracting the fuzzy rules is not clear.

In the current version of the suggested model, these fuzzy rules are defined according to what was presented in related work, especially the work presented in Refs. [68-71].

68.     Naik, N., Jenkins, P. Enhancing windows firewall security using fuzzy reasoning. In Proceedings of the 2016 14th International Conference on Dependable, Autonomic and Secure Computing, pp. 263-269, 2016.

69.     Swapna, A., Rahman, Z., Rahman, M., Akramuzzaman, M. Performance evaluation of fuzzy integrated firewall model for hybrid cloud based on packet utilization. In Proceedings of the IEEE International Conference on Computer Communication and the Internet, pp. 253-256, 2016.

70.     Naik, N., Jenkins, P. Fuzzy reasoning based windows firewall for preventing denial of service attack. In Proceedings of the IEEE International Conference on Fuzzy Systems, pp. 759-766, 2016.

71.     Naik, N., Jenkins, P., Kerby, B., Sloane, J., Yang, L. Fuzzy logic aided intelligent threat detection in cisco adaptive security appliance 5500 series firewalls. In Proceedings of the IEEE International Conference on Fuzzy Systems, pp. 1-8, 2018.

10

A certain threshold in line 485 (explain why we need this value).

The threshold  can be determined by the security administrator.

In our case, the default value was determined according to preliminary experiments conducted to verify the best value of  to achieve a balance between the two goals of classifying network packets at line speed and processing packets in various ways to accommodate various filtering policies.

11

 For references and tables and figures, it could be useful to use the label and mentioned them as /ref.

OK, the manuscript is prepared according to the MDPI publishing house's authorized template, and any typos in the citations of references, table, and figure are fixed during the final proofreading process.

S. No

Comments

Changes made in the revised manuscript

based on the comments

Overall, the paper represents some significant results in the Petri nets modelling of traffic flows. I recommend that the paper be published once the authors address adequately my remarks.

Thanks for your positive feedback.

2

The abstract is too long and should be revised. There is no need to explain the meaning of notions in the abstract as the authors have done beginning with the first sentence of the abstract.

 In the revised version, the abstract has been reduced by removing the sentences that contain the meaning of notions.

“Due to the Internet's explosive growth, network security is now a major concern; as a result, tracking network traffic is essential for a variety of uses, including improving system efficiency, fixing bugs in the network, and keeping sensitive data secure. Fire-walls are a crucial component of enterprise-wide security architectures because they protect individual networks from intrusion. The efficiency of a firewall can be negatively impacted by issues with its design, configuration, monitoring, and administration. Recent firewall security methods don't have the rigor to deal with the vagueness and uncertainty that come with filtering packets from the outside. Fuzzy Petri nets (FPNs) are widely used as a modeling tool for knowledge representation and reasoning. Despite their widespread success, FPNs' limitations in the security engineering field stem from the fact that it is difficult to represent different kinds of uncertainty. This article details the construction of a novel packet filtering firewall model that ad-dresses the limitations of current FPN-based filtering methods. The primary contribution is to employ simplified neutrosophic Petri nets (SNPNs) as a tool for modeling discrete event systems in the area of firewall packet filtering that are characterized by imprecise knowledge. Because of SNPNs' symbolic ability, the packet filtration model can be quickly and easily established, examined, enhanced, and maintained. Based on the idea that the ambiguity of a packet's movement can be described by if-then fuzzy production rules realized by the truth-membership function, the indeterminacy-membership function, and the falsity-membership functional, we adopt the neutrosophic logic for modelling PN transition objects. In addition, we simulate the dynamic behavior of the tracking system in light of the ambiguity inherent in packet filtering by presenting a two-level filtering method to improve the ranking of the filter-ing rules list. Results from experiments on a local area network back up the efficacy of the proposed method and illustrate how it can increase the firewall's susceptibility to threats posed by network traffic.”

2

In the Introduction, the most important notions used in the paper such as Cryptography, computer security, tamper-resistant hardware, formal techniques, economics, applied psychology, organizational knowledge are mentioned briefly.  Overall, the Introduction is very well written and all sources are relevant to the research

Thanks for your positive feedback.

3

First, the authors should state clearly why they have chosen the Neutrosophic sets as a tool for modelling of uncertainty and not for example the more widely used Intuitionistic fuzzy sets

In the revised version, new sentences were added that clearly state why we have chosen the neutrosophic sets as a tool for modelling uncertainty and not the more widely used intuitionistic fuzzy sets.

“In Neutrosophic sets truthness and falsity are independent whereas in intuitionistic sets it is dependent. The main difference between Intuitionistic fuzzy set and Neutrosophic fuzzy set is the middle/neutral/indeterminant component”

“Fuzzy Petri nets (FPNs) are widely used as a modeling tool for knowledge representation and reasoning. Despite their widespread success, FPNs' limitations in the security engineering field stem from the fact that it is difficult to represent different kinds of uncertainty”.

“It is important to highlight that FPNs and their versions (e.g., interval type-2 FPNs) are powerless to deal with complex applications due to the existence of indeterminate and inconsistent information and the limitations of the knowledge reasoning operators”.

“Thus, Simplified Neutrosophic Petri nets (SNPNs) are used with SNS as a novel kind of FPN for knowledge representation. It is easier to manage uncertainty and inconsistency using a knowledge representation and reasoning (KRR) paradigm like this”

4

Second, the authors should compare shortly other approaches to the modelling of discrete event systems to the chosen by them Petri nets approach. For example, an extension of the Petri Nets named Generalized Nets has been successfully used in the modelling of overall telecommunication system

In the revised version, a new sentence was added that compares the utilized neutrosophic Petri nets and generalized nets.

"Furthermore, the generalized net approach has one disadvantage compared to the utilized neutrosophic Petri net approach: it is difficult to represent different kinds of uncertainty. The neutrosophic Petri net has a much simpler definition and simple algorithm for functioning. It allows for the easier construction of simulation models".

Page 4

5

Also,  as a reference to the notion of a Petri Net, I recommend to the authors the following sources:

C. A. Petri, Kommunikation mit Automaten, Bonn:Institut für Instrumentelle Mathematik, vol. 3, 1962.

T. Murata, "Petri nets: Properties, analysis and applications," in Proceedings of the IEEE, vol. 77, no. 4, pp. 541-580, April 1989, doi: 10.1109/5.24143.

In the revised version , more recent references were added [24][26][27][28]

Furthermore, the recommended reference Ref.[29] was added and cited in the paper.

24.     Tiwari, N., Hubballi, N. Secure Socket Shell Brute force Attack Detection with Petri Net Modeling. IEEE Transactions on Network and Service Management, vol. 20, issue 1, pp. 697 – 710, 2023.

25.     Liu, H., You, J., Li, Z, Tian, G. Fuzzy Petri nets for knowledge representation and reasoning: A literature review. Engineering Applications of Artificial Intelligence, vol.60, pp. 45-56, 2017.

26.     Lin, Y., Yang, C., Wang, S., Chiou, G., Shen, V., Tung, Y., Shen, F., Cheng, H. Development and evaluation of an intelligent system for calibrating karaoke lyrics based on fuzzy Petri nets. Applied Artificial Intelligence, vol. 36, no. 1, 2110699, pp. 1-27, 2022.

27.     Shi, H., Wang, L., Li, X., Liu, H. A novel method for failure mode and effects analysis using fuzzy evidential reasoning and fuzzy Petri nets. Journal of Ambient Intelligence and Humanized Computing, vol. 11, pp. 2381-2395, 2020.

28.     Yue, W., Wan, X., Li, S., Ren, H., He, H. Simplified Neutrosophic Petri Nets Used for Identification of Superheat Degree. International Journal of Fuzzy Systems, vol. 24, no. 8, pp. 3431-3455, 2022.

29.     T. Murata, "Petri nets: Properties, analysis and applications," in Proceedings of the IEEE, vol. 77, no. 4, pp. 541-580, April 1989.

6

The methodology is excellently described. The equations are however carelessly formatted. When the equations appear at the end of a sentence they should be followed by ‘.’.  Also, equations written as several cases should have a punctuation mark . See for example, (3), (4), (5), (6) etc.

Thanks for your positive feedback.

In the revised version, the format of equations has been unified according to the correct style.

7

Page 9 has been left half-blank.

In the revised version, all blanks were removed.

8

The title of Section 4 is left alone at the end of the page.

In the revised version, the title was moved to the next page.

9

Table 6 has been split on two pages but only one row is left on the first page – it should be reformatted.

In the revised version, Table 6 is reformatted so that it appears as one unit.

10

Other than that, the analysis of the experimental results is excellent.

Thanks for your positive feedback.

11

I recommend to the authors, in their future work to compare the present approach with the one based on  Generalized nets as an extension of Petri nets and the Intuitionistic fuzzy set approach instead of the Neutrosophic sets.

Ok, in the revised version, we added this task to future work.

“The subject of whether desired features of firewall systems may be stated as dynamic properties and then validated by SNPNs is one that might be explored in the future. Furthermore, compare the present approach with the one based on generalized nets as an extension of Petri nets and the intuitionistic fuzzy set approach instead of the neutrosophic sets. Finally, make more comparisons with the current methods [68–76] to show the efficiency of the proposed system”

S. No

Comments

Changes made in the revised manuscript

based on the comments

1

I find this version of the paper to be satisfactory. Good luck

Thanks for your positive feedback.

S. No

Comments

Changes made in the revised manuscript

based on the comments

1

"In Neutrosophic sets truthness and falsity are independent whereas in intuitionistic sets it is dependent. The main difference between Intuitionistic fuzzy set and Neutrosophic fuzzy set is the middle/neutral/indeterminant component”. This statement is not true, since in intuitionistic fuzzy sets the degree of membership and non-membership are independent and, also, there is a degree of uncertainty which corresponds to the so called neutral element in Neutrosophic sets.

Ok, in the revised version, and according to many references, I removed the sentence “In Neutrosophic sets, truthfulness and falsity are independent, whereas in intuitionistic sets they are dependent”.

There is a difference between the degree of uncertainty in intuitionistic sets and indeterminant sets in Neutrosophic sets. 

As a generalization of fuzzy sets and intuitionistic fuzzy sets, neutrosophic sets have been developed to represent uncertain, imprecise, incomplete, and inconsistent information existing in the real world.

Intuitionistic Fuzzy set (IFS) is used to tackle the uncertainty using the truth and falsity membership grades, whereas neutrosophic set (NS) is used to tackle uncertainty using the truth, indeterminacy and falsity membership grades which are considered as independent.

Recently, research on uncertainty modeling is progressing rapidly and many essential and breakthrough studies have already been done. There are various ways such as fuzzy and intuitionistic fuzzy sets to handle these uncertainties. Although these concepts can handle incomplete information in various real-world issues, they cannot address all types of uncertainty such as indeterminate and inconsistent information. The neutrosophic theory constitutes a further generalization of fuzzy set, intuitionistic fuzzy set, picture fuzzy set, Pythagorean fuzzy set, spherical fuzzy set, etc.

2

Another important question which was partially addressed is the choice of using Petri Nets instead of the similar approaches based on the generalized nets - an extension of the Petri Nets. The authors should include the suggested references to the generalized nets as a tool for modelling of the traffic in service systems in general in the paragraph between lines 147-163.

OK, in the revised version, many references were added for generalized nets as a tool for modelling traffic in service systems. Refs. [30-35]

30.  Atanassov, K., Andonov, V. Generalized nets and intuitionistic fuzzy pairs as tools for modelling of flexible manufacturing systems. Notes Intuition. Fuzzy Sets, vol. 26, no. 2, pp. 40-69, 2020.

31.  Atanassov, K. Generalized nets and intuitionistic fuzziness as tools for modeling of data mining processes and tools. Notes Intuition. Fuzzy Sets, vol. 26, no. 4, pp. 9-52, 2020.

32.  Orozova, D., Hristova, N. Generalized net model for dynamic decision making and prognoses. In Proceedings of the IEEE International Symposium on Electrical Apparatus & Technologies, pp. 1-4, 2020.

33.  Stratiev, D., Dimitriev, A., Stratiev, D., Atanassov, K. Modeling the Production Process of Fuel Gas, LPG, Propylene, and Polypropylene in a Petroleum Refinery Using Generalized Nets. Mathematics, vol.11, Issue 17, 3800, pp. 1-20, 2023.

34.  Boyukov, T., Atanassov, K. Generalized Nets as a Tool for Modelling of Railway Networks. Part 2. In Proceedings of the Inter-national Workshop on Intuitionistic Fuzzy Sets and Generalized Nets, pp. 120-128, Cham: Springer International Publishing, 2020.

35.  Stratiev, D., Zoteva, D., Atanassov, K. Modelling the process of production of automotive gasoline by the use of Generalized Nets. In Proceedings of the International Workshop on Intuitionistic Fuzzy Sets and Generalized Nets, pp. 349-365, Cham: Springer International Publishing, 2020.

3

Also, no references are made to the notion of Intuitionistic fuzzy set. The authors have correctly mentioned it as an alternative approach but it should be supported by a reference to it.

OK, in the revised version many references were added for Intuitionistic fuzzy set. Refs. [78-82]

78. Gohain, B., Chutia, R., Dutta, P. A distance measure for optimistic viewpoint of the information in interval-valued intuition-istic fuzzy sets and its applications. Engineering Applications of Artificial Intelligence, vol. 119, 105747, pp.1-21, 2023.

79.  Patel, A., Jana, S., Mahanta, J. Construction of similarity measure for intuitionistic fuzzy sets and its application in face recognition and software quality evaluation. Expert Systems with Applications, vol. 14, 21491, pp.1-23, 2023.

80.  Dwivedi, A., Kaliyaperumal, U., Kuruvilla, J., Thomas, A., Shanthi, D., Haldorai, A. Time-series data prediction problem analysis through multilayered intuitionistic fuzzy sets. Soft Computing, vol. 27, no. 3, pp. 1663-1671, 2023.

81.  Yue, Q., Zou, W., Hu, W. A new theory of triangular intuitionistic fuzzy sets to solve the two-sided matching problem. Al-exandria Engineering Journal, vol. 63, no. 4, pp. 57-73, 2023.

82.  Yazdi, M., Kabir, S., Kumar, M., Ghafir, I., Islam, F. Reliability Analysis of Process Systems Using Intuitionistic Fuzzy Set Theory. In Advances in Reliability, Failure and Risk Analysis, pp. 215-250, Singapore: Springer Nature Singapore, 2023.