Dissertation Implementation Test

This video demonstrates the evaluation of a stability-aware adaptive firewall deployed at an IoT edge gateway under controlled traffic conditions. The objective is to analyse how adaptive firewall rule updates affect network performance, system stability, and availability. The iperf3 output shows per-second interval measurements of throughput between the IoT client and the edge gateway. Observed Data: * Time intervals: 3.00–5.00 sec and 57.00–59.00 sec * Throughput: 0.00 bits/sec across all streams * Data transfer: 0.00 Bytes * Retransmissions: minimal (0–1 per stream) * Parallel streams: multiple [5]–[23] This means that: * Traffic is completely blocked during these intervals * Indicates that firewall rules are actively dropping packets * Confirms that adaptive blocking mechanism is functioning * No throughput = 100% traffic suppression during enforcement phase CPU Performance Monitoring output: CPU utilisation was monitored continuously during firewall operation. Observed Data: * %usr: ~2% – 11% * %sys: ~2% – 8% * %iowait: ~0% * %idle: ~88% – 96% This means that: * System maintains high idle percentage (88%) * Low user/system CPU usage indicates: * Minimal processing overhead * Efficient firewall rule handling * No spikes or instability observed - system remains stable under load Connectivity testing: Repeated connection attempts were made using: nc -z -w1 192.168.20.10 port Observed data: * Ports tested: 80 HTTP, 22 SSH, 23 Telnet * Output: Exit 1 for all attempts This means that: * Exit 1 = connection failure * All services are consistently unreachable * Confirms: * Firewall is enforcing strict access control * Block rules are correctly applied across multiple ports Adaptive Firewall Log Analysis: The firewall log adaptive_firewall_log.csv captures dynamic rule behaviour. Observed Data: * FIREWALL_STARTED * THREAT_DETECTED * BLOCK_ADDED * BLOCK_REMOVED * BLOCK_EXPIRED * Rule count: increases from 7 - 8 * Total detections: incrementing over time * Blocks/unblocks tracked dynamically This means that: * Firewall actively detects suspicious activity * Applies blocking rules * Removes expired rules * Demonstrates adaptive behaviour (rule churn) * Confirms system is not static, but dynamically responding to traffic Overall Experimental Findings: Security Effectiveness: * 100% blocking observed (0 throughput) * All tested ports inaccessible * Successful detection and mitigation of threats System Stability: * CPU remains stable (high idle) * No resource exhaustion observed * No crashes or performance degradation Trade-off Insight: * Increased blocking leads to: * Maximum security * But zero availability (traffic fully stopped) The results demonstrate that the adaptive firewall: * Successfully enforces real-time security policies * Maintains low system overhead * Operates stably under continuous rule updates