Learn More
—New modes of communication have shown themselves to be needed for more secure and private types of data. Steganography or data-hiding through covert channels can be highly motivated by today's security requirements and various needs of applications. Moreover, the amount of information in the Internet traffic is not bounded by what is contained in packets(More)
—Network security devices such as firewalls and intrusion detection systems are constantly updated in their implementation to accommodate new features, performance standards and to utilize new hardware optimization. Reliable, yet practical, testing techniques for validating the configuration enforcement after every new software and firmware update become(More)
— Recent studies show that configurations of network access control is one of the most complex and error prone network management tasks. For this reason, network miscon-figuration becomes the main source for network unreachablility and vulnerability problems. In this paper, we present a novel approach that models the global end-to-end behavior of access(More)
— Packet filtering plays a critical role in the performance of many network devices such as firewalls, IPSec gateways, DiffServ and QoS routers. A tremendous amount of research was proposed to optimize packet filters. However, most of the related works use deterministic techniques and do not exploit the traffic characteristics in their optimization schemes.(More)
The implementation of network security devices such as firewalls and IDSs are constantly being improved to accommodate higher security and performance standards. Using reliable and yet practical techniques for testing the functionality of firewall devices particularly after new filtering implementation or optimization becomes necessary to assure proven(More)
—This paper presents a theoretic framework of optimal resource allocation and admission control for peer-to-peer networks. Peer's behavioral rankings are incorporated into the resource allocation and admission control to provide differentiated services and even to block peers with bad rankings. These peers may be free-riders or suspicious attackers. A peer(More)
—A major threat to data networks is based on the fact that some traffic can be expensive to classify and filter as it will undergo a longer than average list of filtering rules before being rejected by the default deny rule. An attacker with some information about the access-control list (ACL) deployed at a firewall or an intrusion detection and prevention(More)
— Packet classification plays a critical role in many of the current networking technologies, and efficient yet lightweight packet classification techniques are highly crucial for their successful deployment. Most of the current packet classification techniques exploit the characteristics of classification policies, without considering the traffic behavior(More)
—Packet matching plays a critical role in the performance of many network devices and a tremendous amount of research has already been invested to come up with better optimized packet filters. However, most of the related works use determin-istic techniques and do not exploit the traffic characteristics in their optimization schemes. In addition, most(More)