Victor C. Valgenti scite author profile

Victor C. Valgenti

5Publications

33Citation Statements Received

34Citation Statements Given

How they've been cited

How they cite others

Affiliations

Washington State University

Publications

Order By: Most citations

TrustGuard: A flow-level reputation-based DDoS defense system

Liu

Sun

Valgenti

et al. 2011

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks pose one of the most serious security threats to the Internet. We examine the drawbacks of existing defense schemes. To combat these deficiencies, we propose a credit-based defense system: TrustGuard. Essentially, flows accumulate credit based on the diversity of their packet-size distribution. The more diverse the flow, the more credit it has. Since DDoS attacks demonstrate low diversity they accumulate less credit and are likely to be dropped by the system. Naturally, the performance of TrustGuard greatly depends on the choice of credit accumulation and flow selection methods. We derive our solution by identifying the essential characteristics of DDoS attacks. Our analysis accounts for both micro and macro behaviors of DDoS attacks. The primary goal of this work is to not only detect the occurrence of a DDoS attack, but to also identify the attackers and victims involved. Experimental results demonstrate that TrustGuard performs admirably in both cases.

show abstract

Simulating Content in Traffic for Benchmarking Intrusion Detection Systems

Valgenti¹,

Kim²

2011

View full text Add to dashboard Cite

Network simulation and emulation environments play a crucial role in evaluating proposed protocols, applications, and networked systems. In such settings, the ability to scalably and efficiently generate traffic that has characteristics similar to those measured in the live Internet is of great importance. A key aspect of generating realistic traffic is to assign source and destination IP addresses to traffic flows such that the statistical structure of the addresses is similar to what would be seen in a live Internet setting. In this paper, we propose and evaluate an algorithm and data structure for efficient and realistic generation of IP addresses. We describe our new method and compare it with existing and prior work, while also showing that our technique is far more efficient-both in terms of memory consumed and computation time required. We also show that the statistical structure of the generated addresses is similar to what would be measured in the live Internet. Our results show that it is possible to efficiently generate addresses over the entire IPv4 address space, and that it is feasible to generate addresses from a /64 IPv6 subnet.

show abstract

Netshuffle: Improving Traffic Trace Anonymization through Graph Distortion

Valgenti

Paul

Kim

2011

View full text Add to dashboard Cite

Hybrid Regular Expression Matching for Deep Packet Inspection on Multi-Core Architecture

Sun

Liu

Valgenti

et al. 2010

View full text Add to dashboard Cite

Many network security applications in today's networks are based on deep packet inspection, checking not only the header portion but also the payload portion of a packet. For example, traffic monitoring, layer-7 filtering, and network intrusion detection all require an accurate analysis of packet content in search for predefined patterns to identify specific classes of applications, viruses, attack signatures, etc. Regular expressions are often used to represent such patterns. They are implemented using finite automata, which take the payload of a packet as an input string. However, existing approaches, both non-deterministic finite automata (NFA) and deterministic finite automata (DFA), have limitations; NFAs have excessive time complexity while DFAs have excessive space complexity. In this paper, we propose an efficient algorithm for regular expression matching to implement deep packet inspection on multi-core architecture. A regular expression is split into NFAfriendly components and DFA-friendly components, which are then assigned to different cores. This hybrid method combines the merits of NFA and DFA implementations, and efficiently takes advantage of multi-core architecture. We evaluate our algorithm using rule sets provided by Snort, a popular opensource intrusion detection system. The simulation results show that our approach outperforms existing NFA/DFA and hybrid approaches. Furthermore, our algorithm performs well on the important issues on multi-core architecture design, such as load balancing, data locality and communication between cores.

show abstract

Protecting Run-Time Filters for Network Intrusion Detection Systems

Valgenti¹,

Sun

Kim³

2014

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.