Towards a fast packet inspection over compressed HTTP traffic

Xiuwen Sun, Kaiyu Hou, Hao Li, Chengchen Hu
Published in: 2017 IEEE/ACM 25th International Symposium on Quality of Service (IWQoS), 2017-06-14. DOI: 10.1109/IWQoS.2017.7969144 (https://doi.org/10.1109/IWQoS.2017.7969144)
Citations: 5

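Abstract

Multi-pattern matching is a key technology in firewalls, intrusion detection systems and similar devices. However, most web services today compress their traffic to reduce the amount of data transferred and improve user experience, which challenges multi-pattern matching methods that were designed to work only on raw content. Naive and straightforward solutions to this challenge either decompress the compressed data first and then apply legacy multi-pattern matching methods, or have to scan redundant data during matching; neither is fast or memory efficient. In this paper, we propose the COmpression INspection (COIN) method for multi-pattern matching on compressed HTTP traffic. COIN does not decompress the data before matching and scans each bit of the traffic under inspection only once. We collected real traffic data from the Alexa.com top 500 and Alexa.cn top 20000 web sites and performed experiments with 1430 SNORT patterns. The evaluation results show that COIN is 10–31% faster than the state-of-the-art approach.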