Hsien-Wei Hung

With the development of network applications, network security issues are becoming increasingly important. This paper proposes a multiple-pattern matching algorithm for network intrusion detection systems based on the GPU (Graphics Processing Unit). The high parallelism of GPU computation is used to inspect packet content in parallel. The…
This paper proposes a defense-in-depth network security architecture and applies data mining technologies to analyze the alerts collected from distributed intrusion detection and prevention systems (IDS/IPS). The proposed defense-in-depth architecture consists of a global policy server (GPS) to manage the scattered intrusion detection and prevention…
Pattern (or string) matching is one of the most critical tasks in the design of a high-speed network intrusion detection system (NIDS). In this paper, an efficient pre-filtering algorithm, called Super-Symbol Filter (SSF), is proposed to filter normal traffic before it is forwarded to a pattern matching algorithm. The proposed SSF algorithm…
HTTP is the main protocol of the Internet and many network applications rely on it. Malware also uses it as a covert channel through which to evade the firewall (FW) or network intrusion detection system (NIDS). We refer to malware that employs HTTP to communicate as an HTTP-like Botnet. Some parts of the network traffic of an HTTP-like Botnet are…
Network anti-virus (AV) solutions are the first line of defense against malicious software. Traditional proxy-based network anti-virus solutions with store-scan-forward techniques decrease network performance and consume massive amounts of memory. Therefore, traditional solutions are not easily adaptable for Network Function Virtualization (NFV). This paper…
A zero-day attack is a critical network attack. The zero-day attack period (ZDAP) is the period from the release of malware/exploit until a patch becomes available. IDS/IPS cannot effectively block zero-day attacks because they generally use pattern-based signatures. This paper proposes a Prophetic Defender (PD) by which ZDAP can be minimized. Prior to…
We propose a distributed architecture for a Web filtering system, focusing on its operation and implementation for IPv6 home networks. The realized system, called WKeeper, uses IPv6 anycast to achieve distributed load balancing. WKeeper has been proven to function well in both IPv4 and IPv6 networks, even with mobility support. In a home…