Progressive Email Classifier (PEC) for Ingress Enterprise Network Traffic Analysis
Abstract
This report summarizes the research findings of the project "Progressive Email Classifier (PEC) for Ingress Enterprise Network Traffic Analysis." We have developed a series of solutions designed to serve the needs of gateway-level detection of spam-like traffic, with and without previously defined patterns. The first major solution is the scoreboard architecture, which can track the scores and ages of patterns with a constant running time. Next, we developed PFlex, a packetized processing software architecture for the regular expression pattern matcher Flex, to support packet-level content scanning. The third major solution is the SA2PX tool, which can translate SpamAssassin into POSIX format so that it can be ported to different platforms. The fourth major solution is a new Nondeterministic Finite Automata (NFA) algorithm for regular expression scanning, which can support overlapped matching and can resolve matching ambiguity. We have tested these solutions in simulations and run them on different computing platforms, including the multicore PC, the Bivio model 7500 DPI multicomputer, and FPGA. The solutions can be integrated into a system that supplements existing server-based spam filters by providing real-time, statistics-based spam information. The overall system design can be broadly expanded to support other network security functions.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 21, 2010
- Accession Number: ADA534227
Entities
People
- Jyh-charn Liu
Organizations
- Texas Engineering Experiment Station