By Topic

Configuring networks with content filtering nodes with applications to network security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Kodialam, M. ; Lucent Technol. Bell Labs, USA ; Lakshman, T.V. ; Sengupta, S.

With the rapid increase in the frequency of worm attacks, there has been significant interest in developing network based mechanisms that slow or contain worm propagation. One suggested network-based approach is the use of special content filtering nodes that examine the complete content of each packet and block traffic that contain strings matching a pre-specified set of worm signatures. To be effective, containment systems need to have fast reaction times (content filtering with the appropriate signatures must be activated very soon after the start of an attack) and need to be comprehensive in the sense that every packet routed through the network must be examined at least once. Since network-based content filtering is expensive, it is desirable to make the best use of deployable content filtering capability. This requires intelligent placement of the content filtering nodes in the network and use of appropriate network routing to maximize the carried traffic. In this paper, we study the impact of the content filtering requirement on network capacity. First, we develop an intelligent heuristic for deployment of content filtering nodes in the network. Next, given a set of deployed content filtering nodes, we develop a fully polynomial time approximation scheme (FP-TAS) that maximizes the traffic carried by the network subject to the constraint that all traffic passes through a content filtering node at least once. Simulation studies using the developed schemes show that for large networks, most of the traffic can be examined even when only 10% of the network nodes are content filtering capable.

Published in:

INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE  (Volume:4 )

Date of Conference:

13-17 March 2005