Content based packet filtering in linux kernel using deterministic finite automata

2011
Bilal, Tahir
In this thesis, we present a content-based packet filtering architecture in Linux using Deterministic Finite Automata and the iptables framework. New generation firewalls and intrusion detection systems not only filter or inspect network packets according to their header fields but also take into account the content of the payload. These systems use a set of signatures in the form of regular expressions or plain strings to scan network packets. This scanning phase is a CPU-intensive task which may degrade network performance. Currently, the Linux kernel firewall scans network packets separately for each signature in the signature set provided by the user. This approach constitutes a considerable bottleneck to network performance. We implement a content-based packet filtering architecture and a multiple string matching extension for the Linux kernel firewall that matches all signatures at once, and show that we are able to filter network traffic by consuming constant bandwidth regardless of the number of signatures. Furthermore, we show that we can do packet filtering at multi-gigabit rates.

Citation Formats
T. Bilal, “Content based packet filtering in linux kernel using deterministic finite automata,” M.S. - Master of Science, Middle East Technical University, 2011.