Thesis Title: Optimizing of the performance of the packet filtering systems to keep up with high speed networks.
Keywords: Secutity policy, Optimization, Packet classification, Firewalls, IDS.
Biography Nizar Ben Neji received in 2005 his engineering degree in computer science from the national Tunisian school of computer sciences (ENSI) and he received in 2008 his MS degree from the higher school of communications of Tunis (Sup’Com). Nizar Ben Neji is actually a PhD student at Sup’Com and his research interests are about security devices and optimizing the performance of the packet classifiers used in high speed networks. Nizar BEN NEJI works also as PKI engineer in the National Digital Certification Agency and he is a member of the Tunisian Association of Digital Security (TADS).
Publications
Keywords: Secutity policy, Optimization, Packet classification, Firewalls, IDS.
Biography Nizar Ben Neji received in 2005 his engineering degree in computer science from the national Tunisian school of computer sciences (ENSI) and he received in 2008 his MS degree from the higher school of communications of Tunis (Sup’Com). Nizar Ben Neji is actually a PhD student at Sup’Com and his research interests are about security devices and optimizing the performance of the packet classifiers used in high speed networks. Nizar BEN NEJI works also as PKI engineer in the National Digital Certification Agency and he is a member of the Tunisian Association of Digital Security (TADS).
Publications
| Author | Title | Year | Journal/Proceedings | Reftype | DOI/URL |
|---|---|---|---|---|---|
| Ben-Neji, N. & Bouhoula, A. | Dynamic Scheme for Packet Classification Using Splay Trees | 2009 | Journal of Information Assurance and Security (JIAS) Vol. 4, pp. 133-141 | article | URL |
| Abstract: Many researches are about optimizing schemes for packet classification and matching filters to increase the performance of many network devices such as firewalls and QoS routers. Most of the proposed algorithms do not process dynamically the packets and give no specific interest in the skewness of the traffic. In this paper, we conceive a set of self-adjusting tree filters by combining the scheme of binary search on prefix length with the splay tree model. Hence, we have at most 2 hash accesses per filter for consecutive values. Our proposed filter is adapted to easily assure exact matching for protocol field, prefix matching for IP addresses, and range matching for port numbers. Also, we use the splaying technique to optimize the early rejection of unwanted flows, which is important for many filtering devices such as firewalls. | |||||
BibTeX:
@article{,
author = {Nizar Ben-Neji and Adel Bouhoula},
title = {Dynamic Scheme for Packet Classification Using Splay Trees},
journal = {Journal of Information Assurance and Security (JIAS)},
year = {2009},
volume = {4},
pages = {133-141},
url = {http://www.mirlabs.org/jias/secured/Volume4-Issue2/benneji.pdf}
}
| |||||
| Ben-Neji, N. & Bouhoula, A. | Self-adjusting Scheme for High Speed Routers | 2008 | Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN'08), pp. 542-543 | article | URL |
| Abstract: Many schemes of high-performance IP address lookup have been proposed recently. But most of them do not process dynamically the packets and give no specific interest in the skewness of the traffic. Hence, the lack of dynamic packet routing algorithms has been the motivation for this research. In this paper, we have conceived a self-adjusting tree filter, by combining the scheme of binary search on prefix length with the splay tree model. Consequently, we have at most 2 hash accesses for all consecutive values. We give also a special interest in the amount of packets treated then routed through the default route entry. Those packets present an important part of the traffic treated by the routers and they might cause more harm than others as they traverse a long decision path before they are finally sent to the default route. | |||||
BibTeX:
@article{,
author = {Nizar Ben-Neji and Adel Bouhoula},
title = {Self-adjusting Scheme for High Speed Routers},
journal = {Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN'08)},
year = {2008},
pages = {542-543},
url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4664229}
}
| |||||
| Ben-Neji, N. & Bouhoula, A. | Dynamic Scheme for Packet Classification Using Splay Trees | 2008 | Proceedings of the International Workshop on Computational Intelligence in Secutity for Information Systems (CISIS'08) Vol. 53, pp. 211-218 | article | URL |
| Abstract: Many schemes of high-performance IP address lookup have been proposed recently. But most of them do not process dynamically the packets and give no specific interest in the skewness of the traffic. Hence, the lack of dynamic packet routing algorithms has been the motivation for this research. In this paper, we have conceived a self-adjusting tree filter, by combining the scheme of binary search on prefix length with the splay tree model. Consequently, we have at most 2 hash accesses for all consecutive values. We give also a special interest in the amount of packets treated then routed through the default route entry. Those packets present an important part of the traffic treated by the routers and they might cause more harm than others as they traverse a long decision path before they are finally sent to the default route. | |||||
BibTeX:
@article{,
author = {Nizar Ben-Neji and Adel Bouhoula},
title = {Dynamic Scheme for Packet Classification Using Splay Trees},
journal = {Proceedings of the International Workshop on Computational Intelligence in Secutity for Information Systems (CISIS'08)},
year = {2008},
volume = {53},
pages = {211-218},
url = {http://www.springerlink.com/content/6j724t30208rw30q/}
}
| |||||