Hsien-Wei Hung

With the development of network applications, network security issues are becoming more and more important. This paper proposes a multiple-pattern matching algorithm for network intrusion detection systems based on the GPU (Graphics Processing Unit). The high parallelism of the GPU's computational power is used to inspect the packet content in parallel. The ...
This paper proposes a defense in depth network security architecture and applies the data mining technologies to analyze the alerts collected from distributed intrusion detection and prevention systems (IDS/IPS). The proposed defense in depth architecture consists of a global policy server (GPS) to manage the scattered intrusion detection and prevention ...
Pattern or string matching is one of the most critical tasks in the design of a high-speed network intrusion detection system (NIDS). In this paper, an efficient pre-filtering algorithm, called Super-Symbol Filter (SSF), is proposed to filter the normal traffic before it is forwarded to a pattern matching algorithm. The proposed SSF algorithm ...
We propose a distributed architecture for a Web filtering system, focusing on its operation and implementation for IPv6 home networks. The realized system, called WKeeper, employs the feature of IPv6 anycast to achieve distributed load balance. WKeeper has been proven to function well in both IPv4 and IPv6 networks even with mobility support. In a home ...
HTTP is the main protocol of the Internet and many network applications rely on it. Malware also utilizes it as a covert channel through which to evade the firewall (FW) or network intrusion detection system (NIDS). We recognize malware that employs HTTP to communicate as an HTTP-like Botnet. Some parts of the network traffic of an HTTP-like Botnet are ...
Connection tracking by manipulating session tables is essential for stateful inspection capable applications such as stateful firewalls, network-based intrusion prevention systems (NIPS), traffic accounting and monitoring to process packets according to session state information. With the prevalence of multi-core computing, it is crucial to optimize the ...
Zero-day attack is a critical network attack. The zero-day attack period (ZDAP) is the period from the release of malware/exploit until a patch becomes available. IDS/IPS cannot effectively block zero-day attacks because they use pattern-based signatures in general. This paper proposes a Prophetic Defender (PD) by which ZDAP can be minimized. Prior to ...