Nizar Ben Neji

Nizar Ben Neji
Phd Student
nizar.benneji<at>supcom.rnu.tn
Thesis Title: Optimizing of the performance of the packet filtering systems to keep up with high speed networks.

Keywords: Secutity policy, Optimization, Packet classification, Firewalls, IDS.

Biography Nizar Ben Neji received in 2005 his engineering degree in computer science from the national Tunisian school of computer sciences (ENSI) and he received in 2008 his MS degree from the higher school of communications of Tunis (Sup’Com). Nizar Ben Neji is actually a PhD student at Sup’Com and his research interests are about security devices and optimizing the performance of the packet classifiers used in high speed networks. Nizar BEN NEJI works also as PKI engineer in the National Digital Certification Agency and he is a member of the Tunisian Association of Digital Security (TADS).

Publications
QuickSearch:   Number of matching entries: 0.
Search Settings
    AuthorTitleYearJournal/ProceedingsReftypeDOI/URL
    Ben-Neji, N. & Bouhoula, A. Dynamic Scheme for Packet Classification Using Splay Trees 2009 Journal of Information Assurance and Security (JIAS) Vol. 4, pp. 133-141  article URL 
    Abstract: Many researches are about optimizing schemes for packet classification and matching filters to increase the performance of many network devices such as firewalls and QoS routers. Most of the proposed algorithms do not process dynamically the packets and give no specific interest in the skewness of the traffic. In this paper, we conceive a set of self-adjusting tree filters by combining the scheme of binary search on prefix length with the splay tree model. Hence, we have at most 2 hash accesses per filter for consecutive values. Our proposed filter is adapted to easily assure exact matching for protocol field, prefix matching for IP addresses, and range matching for port numbers. Also, we use the splaying technique to optimize the early rejection of unwanted flows, which is important for many filtering devices such as firewalls.
    BibTeX:
    @article{,
      author = {Nizar Ben-Neji and Adel Bouhoula},
      title = {Dynamic Scheme for Packet Classification Using Splay Trees},
      journal = {Journal of Information Assurance and Security (JIAS)},
      year = {2009},
      volume = {4},
      pages = {133-141},
      url = {http://www.mirlabs.org/jias/secured/Volume4-Issue2/benneji.pdf}
    }
    
    Ben-Neji, N. & Bouhoula, A. Self-adjusting Scheme for High Speed Routers 2008 Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN'08), pp. 542-543  article URL 
    Abstract: Many schemes of high-performance IP address lookup have been proposed recently. But most of them do not process dynamically the packets and give no specific interest in the skewness of the traffic. Hence, the lack of dynamic packet routing algorithms has been the motivation for this research. In this paper, we have conceived a self-adjusting tree filter, by combining the scheme of binary search on prefix length with the splay tree model. Consequently, we have at most 2 hash accesses for all consecutive values. We give also a special interest in the amount of packets treated then routed through the default route entry. Those packets present an important part of the traffic treated by the routers and they might cause more harm than others as they traverse a long decision path before they are finally sent to the default route.
    BibTeX:
    @article{,
      author = {Nizar Ben-Neji and Adel Bouhoula},
      title = {Self-adjusting Scheme for High Speed Routers},
      journal = {Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN'08)},
      year = {2008},
      pages = {542-543},
      url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4664229}
    }
    
    Ben-Neji, N. & Bouhoula, A. Dynamic Scheme for Packet Classification Using Splay Trees 2008 Proceedings of the International Workshop on Computational Intelligence in Secutity for Information Systems (CISIS'08) Vol. 53, pp. 211-218  article URL 
    Abstract: Many schemes of high-performance IP address lookup have been proposed recently. But most of them do not process dynamically the packets and give no specific interest in the skewness of the traffic. Hence, the lack of dynamic packet routing algorithms has been the motivation for this research. In this paper, we have conceived a self-adjusting tree filter, by combining the scheme of binary search on prefix length with the splay tree model. Consequently, we have at most 2 hash accesses for all consecutive values. We give also a special interest in the amount of packets treated then routed through the default route entry. Those packets present an important part of the traffic treated by the routers and they might cause more harm than others as they traverse a long decision path before they are finally sent to the default route.
    BibTeX:
    @article{,
      author = {Nizar Ben-Neji and Adel Bouhoula},
      title = {Dynamic Scheme for Packet Classification Using Splay Trees},
      journal = {Proceedings of the International Workshop on Computational Intelligence in Secutity for Information Systems (CISIS'08)},
      year = {2008},
      volume = {53},
      pages = {211-218},
      url = {http://www.springerlink.com/content/6j724t30208rw30q/}
    }