TY - GEN
T1 - Towards a fast packet inspection over compressed HTTP traffic
AU - Sun, Xiuwen
AU - Hou, Kaiyu
AU - Li, Hao
AU - Hu, Chengchen
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/5
Y1 - 2017/7/5
N2 - Matching multiple patterns is the key technology in firewall, Intrusion Detection Systems, etc. However, most of the web services nowadays tend to compress their traffic for less transferring data and better user experience, which has challenged the multi-pattern matching originally working only on raw content. Naive and straightforward solutions towards this challenge either decompress the compressed data first and apply legacy multi-pattern matching methods, or have to scan redundant data during the matching, which are not fast and memory efficient. In this paper, we propose COmpression INspection (COIN) method for multi-pattern matching on compressed HTTP traffic. COIN does not decompress the data before matching and only scans once each bit of the traffic under inspection. We have collected real traffic data from Alexa.com top 500 and Alexa.cn top 20000 web sites and have performed the experiments under 1430 SNORT patterns. The evaluation results show that COIN is 10-31% faster than state-of-the-art approach.
AB - Matching multiple patterns is the key technology in firewall, Intrusion Detection Systems, etc. However, most of the web services nowadays tend to compress their traffic for less transferring data and better user experience, which has challenged the multi-pattern matching originally working only on raw content. Naive and straightforward solutions towards this challenge either decompress the compressed data first and apply legacy multi-pattern matching methods, or have to scan redundant data during the matching, which are not fast and memory efficient. In this paper, we propose COmpression INspection (COIN) method for multi-pattern matching on compressed HTTP traffic. COIN does not decompress the data before matching and only scans once each bit of the traffic under inspection. We have collected real traffic data from Alexa.com top 500 and Alexa.cn top 20000 web sites and have performed the experiments under 1430 SNORT patterns. The evaluation results show that COIN is 10-31% faster than state-of-the-art approach.
KW - Compressed traffic
KW - Deep packet inspection
KW - Gzip/DEFLATE
KW - Multi-pattern matching
UR - https://www.scopus.com/pages/publications/85027837887
U2 - 10.1109/IWQoS.2017.7969144
DO - 10.1109/IWQoS.2017.7969144
M3 - Conference contribution
AN - SCOPUS:85027837887
T3 - 2017 IEEE/ACM 25th International Symposium on Quality of Service, IWQoS 2017
BT - 2017 IEEE/ACM 25th International Symposium on Quality of Service, IWQoS 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 25th IEEE/ACM International Symposium on Quality of Service, IWQoS 2017
Y2 - 14 June 2017 through 16 June 2017
ER -