Presentation is loading. Please wait.

Presentation is loading. Please wait.

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:

Published byBrittany Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:"— Presentation transcript:

1 Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher: IEEE INFOCOM, 2012 Presenter: Kai-Yang, Liu Date: 2011/12/21

2 INTRODUCTION Gzip or Deflate work well as the compression for each individual response, but in many cases there is a lot of common data shared by a group of pages. Therefore, compression methods of the next generation are inter-file, where there is one dictionary that can be referenced by several files. 2

3 The VCDIFF Compression Algorithm VCDIFF encoding process uses three types of instructions, called delta instructions:  ADD(i, str) means to append to the output i bytes, which are specified in parameter str.  RUN(i, b) means to append i times the byte b.  COPY(p, x) means that the interval [p, p + x) should be copied from the dictionary. 3

4 Example Dictionary : DBEAACDBCABC The plain-text that should be considered is therefore ABDDBEAAAACDBCABAB CAACBCDBADBC 4

5 Aho-Corasick Algorithm patterns set: { E,BE,BD,BCD,BCAA,CDBCAB } 5

6 The Offline Phase The dictionary is scanned from the first symbol using the Aho-Corasick algorithm. State array : Match list : 6

7 The Offline Phase Dictionary : DBEAACDBCABC 7

8 Four Kinds of Matches Patterns that are fully contained within an ADD or COPY instruction. Patterns whose prefix is within a COPY instruction. Patterns whose suffix is within a COPY instruction. 8

9 The Online Phase Scanning the delta file by the AC algorithm. ADD instruction : simply scanning it by traversing the automaton. COPY (p, x) instruction : Step1: Scan the copied symbols from the dictionary one by one, until when scanning a symbol b p+i we reach a state in the automaton whose depth is less or equal to i. ※ Find all the patterns of fourth category 9

10 The Online Phase Step2: We check the Matched list to find any patterns in the dictionary that ends within interval [ p, p+x). ※ Find all the patterns of second category Step3: We obtain the state State[p+x-1]. From that state, we follow failure transitions in the automaton, until we reach a state s whose depth is less or equal to x. 10

11 11 Dictionary : DBEAACDBCABC Match List:

12 12 Dictionary : DBEAACDBCABC Match List:

13 13 Dictionary : DBEAACDBCABC Match List:

14 14 Dictionary : DBEAACDBCABC Match List:

15 15 Dictionary : DBEAACDBCABC Match List:

16 16 Dictionary : DBEAACDBCABC Match List:

17 17 Dictionary : DBEAACDBCABC Match List:

18 18 Dictionary : DBEAACDBCABC Match List:

19 19 Dictionary : DBEAACDBCABC Match List:

20 20 Dictionary : DBEAACDBCABC Match List:

21 Optimizations Efficient pattern lookups in the Matched list:  Save the Matched list as a balanced tree.  Add an array of pointers of the dictionary size.  Given a COPY (p, x) instruction, one can cache the corresponding internal matches within [p, p+x-1] in a hash-table whose key is “(p, x)”. 21

22 REGULAR EXPRESSIONS INSPECTION Anchors are extracted from the regular expression offline. Then, our algorithm is applied on the SDCH-compressed traffic with the anchors as the patterns set. For example the regular expression \d{6}ABCDE\s+123456\d*XYZ$ if we matched the anchor ABCDE at position x1 and the anchor XYZ at position x 2, the interval [x 1 -10,x 2 ] should be passed to the regular expressions engine for re- examination. 22

23 Experimental Results Data Sets : We first downloaded the dictionary from google.com and used the 1000 most popular Google search queries. Pattern Sets : The signatures data sets are drawn from a snapshot of Snort rules as of October 2010. we also constructed for each input file a synthetic patterns file. 23

24 Experimental Results 24

25 Experimental Results 25

26 Experimental Results 26

27 Experimental Results 27

Download ppt "Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:"

Similar presentations

Shift-based Pattern Matching for Compressed Web Traffic Presented by Victor Zigdon 1* Joint work with: Dr. Anat Bremler-Barr 1* and Yaron Koral 2 The SPC.

Shift-based Pattern Matching for Compressed Web Traffic Presented by Victor Zigdon 1* Joint work with: Dr. Anat Bremler-Barr 1* and Yaron Koral 2 The SPC.
Parametrized Matching Amir, Farach, Muthukrishnan Orgad Keller.

Parametrized Matching Amir, Farach, Muthukrishnan Orgad Keller.
Deep Packet Inspection(DPI) Engineering for Enhanced Performance of Network Elements and Security Systems PIs: Dr. Anat Bremler-Barr (IDC) Dr. David.

Deep Packet Inspection(DPI) Engineering for Enhanced Performance of Network Elements and Security Systems PIs: Dr. Anat Bremler-Barr (IDC) Dr. David.
Space-Time Tradeoffs in Software-based Deep Packet Inspection Author: Anat Bremler-Barr, Yotam Harchol, and David Hay Published in Proc. IEEE HPSR 2011.

Space-Time Tradeoffs in Software-based Deep Packet Inspection Author: Anat Bremler-Barr, Yotam Harchol, and David Hay Published in Proc. IEEE HPSR 2011.
Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.

Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.
Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.

Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.
An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.
Chapter 4: Trees Part II - AVL Tree

Chapter 4: Trees Part II - AVL Tree
Multi-Core Packet Scattering to Disentangle Performance Bottlenecks Yehuda Afek Tel-Aviv University.

Multi-Core Packet Scattering to Disentangle Performance Bottlenecks Yehuda Afek Tel-Aviv University.
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.
Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.

Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.
Genome-scale disk-based suffix tree indexing Benjarath Phoophakdee Mohammed J. Zaki Compiled by: Amit Mahajan Chaitra Venus.

Genome-scale disk-based suffix tree indexing Benjarath Phoophakdee Mohammed J. Zaki Compiled by: Amit Mahajan Chaitra Venus.
1 Suffix Trees and Suffix Arrays Modern Information Retrieval by R. Baeza-Yates and B. Ribeiro-Neto Addison-Wesley, 1999. (Chapter 8)

1 Suffix Trees and Suffix Arrays Modern Information Retrieval by R. Baeza-Yates and B. Ribeiro-Neto Addison-Wesley, (Chapter 8)
String Recognition Simple case: recognize 1101 “ ” 0 “1” 0 “11” 0 Reset 1 “110” 0 101 “1101” 1 1 1 0 0 0 0.

String Recognition Simple case: recognize 1101 “ ” 0 “1” 0 “11” 0 Reset 1 “110” “1101”
XFA : Faster Signature Matching With Extended Automata Author: Randy Smith, Cristian Estan and Somesh Jha Publisher: IEEE Symposium on Security and Privacy.

XFA : Faster Signature Matching With Extended Automata Author: Randy Smith, Cristian Estan and Somesh Jha Publisher: IEEE Symposium on Security and Privacy.
1 An adaptable FPGA-based System for Regular Expression Matching Department of Computer Science and Information Engineering National Cheng Kung University,

1 An adaptable FPGA-based System for Regular Expression Matching Department of Computer Science and Information Engineering National Cheng Kung University,
Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.

Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.
Infix, Postfix, Prefix.

Infix, Postfix, Prefix.
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: 2009.9.1 Publisher/Conf.

1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: Publisher/Conf.

Similar presentations

Ads by Google