• Publications
  • Influence
A flexible and efficient container-based NFV platform for middlebox networking
This work proposes a high-performance platform based on Docker containers and DPDK for the deployment of multiple virtual middleboxes that provides proper isolation of NFs with 4% overhead and outperforms the Single Root I/O Virtualization platform with 7x the throughput.
Janus: A User-Level TCP Stack for Processing 40 Million Concurrent TCP Connections
Janus is presented, a high-performance user-level TCP stack that focuses on serving massive TCP connections and significantly outperforms Linux and state-of-the-art user-space network stacks in both throughput and connection concurrency.
Self-Adaptive Frequency Scaling Architecture for Intrusion Detection System
A new method to adjust the frequency of IDS’s devices’ main processors automatically based on the prediction of the network traffic is proposed, which calculates optimal frequency scaling operation sequence via an internal sandbox model, so as to achieve energy saving purposes.
Understanding the Network Traffic Constraints for Deep Packet Inspection by Passive Measurement
A scalable passive measurement system, which adopts fast packet I/O technique to capture network traffic, and Spark to process the collected data, and finds that over 90% of TCP SYN packets have no subsequent data packet, and over 80% of tcp flow's round trip time are less than 400ms.
Evaluating routing asymmetry by passive flow measurements with spark
This work builds a scalable passive measurement system for online or offline evaluating routing asymmetry and finds that over 90% of TCP flows are asymmetric, and over 70% of flows from full IP asymmetry that a same IP address traverse different links.
Taking over malicious connection in half way by migrating protocol state to a user-level TCP stack
This paper proposes an efficient and flexible solution to take over malicious connections selectively at any period of the connections combining with two typical deployments of NIDS, and shows that the response speed of the approach is 8x faster than the OS stack, and more stable.