Learn More
—During the past decade, the packet classification problem has been widely studied to accelerate network applications such as access control, traffic engineering and intrusion detection. In our research, we found that although a great number of packet classification algorithms have been proposed in recent years, unfortunately most of them stagnate in(More)
—Packet classification is a fundamental enabling function for various applications in switches, routers and firewalls. Due to their performance and scalability limitations, current packet classification solutions are insufficient in addressing the challenges from the growing network bandwidth and the increasing number of new applications. This paper(More)
Anti-virus applications play an important role in today's Internet communication security. Virus scanning is usually performed on email, web and file transfer traffic flows at intranet security gateways. The performance of popular anti-virus applications relies on the pattern matching algorithms implemented in these security devices. The growth of network(More)
—Cloud datacenters, providing Infrastructure as a Service (IaaS), need to lively orchestrate numerous resource elements with diverse requirements of service provision, which most existing approaches are difficult to meet elastically. This paper presents LiveCloud, a management framework for resources in cloud datacenters. It addresses multiple management(More)
In this paper, a novel packet classification scheme optimized for multi-core network processors is proposed. The algorithm, Explicit Cuttings (ExpCuts), adopts a hierarchical space aggregation technique to significantly reduce the memory usage. Consequently, without burst of memory usages, the time-consuming linear search in the conventional decision-tree(More)
There is a growing interest in designing high-performance network devices to perform packet processing at flow level. Applications such as stateful access control, deep inspection and flow-based load balancing all require efficient flow-level packet processing. In this paper, we present a design of high-performance flow-level packet processing system based(More)
—Multi-dimensional packet classification is a key task in network applications, such as firewalls, intrusion prevention and traffic management systems. With the rapid growth of network bandwidth, wire speed multi-dimensional packet classification has become a major challenge for next-generation network processing devices. In this paper, we present a(More)
To build holistic protection against complex and blended network threats, multiple security features need to be integrated into a unified security architecture, which requires in Unified Threat Management (UTM). However, most existing UTMs operate by simply stringing together a number of security applications working independently without system level(More)
—Network security has become an increasingly important yet challenging issue in present production networks. State-of-the-art solutions cannot meet the overall requirements of high-efficiency security, due to the complicated configuration demands, heavy network traffic and ever-increasing network scale. In this paper, we present LiveSec, a scalable and(More)