[Project Closed] From Aug. 2004 to July. 2006 @ Department of Information Management, National Taiwan University as graduate/PhD student under the supervision of Dr. Yeali S. Sun with National Chiao Tung University and
Goal. Developed a new stateful content-based packet classification called SConPaC/MSI. Compared to the traditional packet classifier, this architecture is capable to inspect the packet application content, maintain and track protocol state transition dynamically, and handle both IPv4 and IPv6 packets. It maintains and tracks the state transition of protocols in order to understand the evolution of connections and further develop stateful security detection services.
Features. 1) Develop an easy-to-use script language (in Backus-Naur Form) for adding new protocol FSMs and filtering rules. 2) .Develop a look-ahead packet aggregation mechanism to classify an individual packet to its related context. 3) Implement efficient algorithms for line-speed packet inspection on header field matching and keyword matching. 4) Using a Xiliux FPGA SoC to speed up the matching process. 5) Using Aho-corasick string matching algorithm and BitVector to achieve ~O(1) matching process.
Deployment. The system is designed to be located at the network gateway in order to capture all the packets passing through. All the functional blocks are implemented as a Linux kernel module that is inserted in the Netfilter/iptables framework.
Packet Processing Logic.