Shue, Craig A.
WinSight is a distributed firewall and network monitoring system, developed for Windows 7, that can consider packets' host context when making flow decisions. To increase defense against internal network threats, such as worms and compromised machines, we developed both an agent and a controller which follows a popular standard called OpenFlow. Our testing showed that WinSight is able to successfully block traffic based on context data and deep packet inspection with a moderate performance impact, with the first packet of each flow most affected. There were also rare yet significant delays when reinjecting packets into the host's network stack.
Worcester Polytechnic Institute
Interactive Media and Game Development
Major Qualifying Project
All authors have granted to WPI a nonexclusive royalty-free license to distribute copies of the work, subject to other agreements. Copyright is held by the author or authors, with all rights reserved, unless otherwise noted.