Secure Data Transmission Using GEM Firewall: A High-Performance Rule Matching and Encryption Framework
Keywords:
Encryption tunnels, GEM firewall, Heuristic rule splitting, Intrusion detection, Packet classification, Secure transmission, SteganographyAbstract
Modern enterprise networks demand scalable and high-speed protection mechanisms capable of defending against sophisticated cyberattacks. Traditional firewalls suffer performance limitations due to linear rule evaluation, slow packet classification, and inefficient state tracking. This paper presents a comprehensive, GEM-based secure firewall system integrated with encryption, detection, heuristic rule splitting, and steganographic key management modules to ensure secure and high-performance data transmission. The proposed framework demonstrates measurable improvements in packet-matching efficiency, memory reduction, throughput, and encrypted communication security. Extensive simulations confirm improvements over traditional packet filter firewalls.
References
P. Gupta and N. McKeown, “Packet classification on multiple fields,” in ACM SIGCOMM Computer Communication Review, vol. 29, no. 4, pp. 147–160, Aug. 1999, doi: https://doi.org/10.1145/316194.316217
F. Baboescu and G. Varghese, “Scalable packet classification,” in Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, Aug. 2001, pp. 199–210, doi: https://doi.org/10.1145/383059.383075
A. Rashelbach, O. Rottenstreich, M. Silberstein, “A computational approach to packet classification”, Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication, Jul. 2020, pp. 542–556, doi: https://doi.org/10.1145/3387514.3405886
L. Li and X. Lu, “A fast algorithm for packet classification with reasonable memory usage,” 2007 International Conference on Wireless Communications, Networking and Mobile Computing, Shanghai, China, 2007, pp. 1941–1944, doi: https://doi.org/10.1109/WICOM.2007.486
C. Tan and Z. Li, “MultiSplit: An efficient algorithm for packet classification with equivalent priority,” Electronics, vol. 13, no. 15, 2024, doi: https://doi.org/10.3390/electronics13152967
J. Wang, Y. Xin, C. Lu, C. Jia, Y. Ding, “Evaluating partitions in packet classification with the asymmetric metric of disassortative modularity,” Symmetry, vol. 17, no. 1, 2025, doi: https://doi.org/10.3390/sym17010037
A. Korkmaz, S. Bulut, T. Talan, S. Kosunalp, and T. Iliev, “Enhancing firewall packet classification through artificial neural networks and synthetic minority over-sampling technique: An innovative approach with evaluative comparison,” Applied Sciences, vol. 14, no. 16, Aug. 2024, doi: https://doi.org/10.3390/app14167426
Y. A. Farrukh, S. Wali, I. Khan, and N. D. Bastian, “XG-NID: Dual-modality network intrusion detection using a heterogeneous graph neural network and large language model,” vol. 287, no. C, Aug 2025, doi: https://dl.acm.org/doi/10.1016/j.eswa.2025.128089
J. Fridrich, Steganography in Digital Media: Principles, Algorithms, and Applications. New York: Cambridge University Press, 2010.
S. Pirandola et al., “Advances in quantum cryptography,” Advances in Optics and Photonics, vol. 12, no. 4, pp. 1012–1236, 2020, doi: https://doi.org/10.1364/AOP.361502
W. Stallings, Cryptography and network security principles and practice, 7th ed. Essex, England: Pearson Education Limited, 2017.
H. Debar, M. Dacier, and A. Wespi, “A revised taxonomy for intrusion-detection systems,” Annales des Telecommunications, vol. 55, pp. 361–378, Jul. 2000, doi: https://doi.org/10.1007/BF02994844
S. Singh, F. Baboescu, G. Varghese, and J. Wang, “Packet classification using multidimensional cutting,” in Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, New York, NY, United States: Association for Computing Machinery, Aug. 2003, pp. 213–224. doi: https://doi.org/10.1145/863955.863980
M. H. Rahman, T. Islam, M. M. Rana, R. Tasnim, T. R. Mona and M. M. Sakib, “Machine learning approach on multiclass classification of internet firewall log files,” 2023 International Conference on Computational Intelligence and Sustainable Engineering Solutions (CISES), Greater Noida, India, 2023, pp. 358–364, doi: https://doi.org/10.1109/CISES58720.2023.10183601
