Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

Published byCuthbert Isaac Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:"— Presentation transcript:

1 Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher: IEEE INFOCOM 2015 Presenter: Sih-An Pan Date: 2015/1/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2 INTRODUCTION Our mechanism is based solely on modifications to the signature matching algorithm. Our modification enhances the algorithm so that it will be able to skip previously-scanned bytes, which are saved in a dictionary along with some auxiliary information. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

3 INTRODUCTION Conceptually, it is divided to two parts: slow path that samples the traffic and creates a dictionary with the fixed length popular strings (which we call grams). data path that scans the traffic byte by byte and checks the dictionary for matches; if a gram is found in the dictionary, the data path skips the gram and adjusts its state according to an information saved along this gram. National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

4 The Slow Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

5 The Slow Path We initiate an Aho-Corasick scan from the initial state s0 and save the DFA state in the end of this scan. This information is sufficient for the data path to adjust its state after skipping that gram. National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

6 The Data Path For each k-gram, the algorithm searches the dictionary and retrieves the corresponded entry. We query a Bloom filter to ensure that the gram is in the dictionary. During AC traversal, for each input byte, the algorithm checks whether it can skip subsequent bytes using one of the strings in the dictionary. National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

7 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

8 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

9 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

10 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 10

11 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 11

12 The Data Path National Cheng Kung University CSIE Computer & Internet Architecture Lab 12

13 EXPERIMENTAL RESULTS For HTTP traffic, we use Snort’s pattern-set (~4K patterns). For performance evaluation we use a system with Intel Sandybridge Core i7 2600 CPU with 32 KB L1 data cache (per core), 256 KB L2 cache (per core), and 8 MB L3 cache (shared among cores). The system runs Linux Ubuntu 11.10. National Cheng Kung University CSIE Computer & Internet Architecture Lab 13

14 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 14

15 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 15

16 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 16

17 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 17

18 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 18

19 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 19

20 EXPERIMENTAL RESULTS National Cheng Kung University CSIE Computer & Internet Architecture Lab 20

Download ppt "Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:"

Similar presentations

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:
An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.
Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
1 Multi-Core Architecture on FPGA for Large Dictionary String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

1 Multi-Core Architecture on FPGA for Large Dictionary String Matching Department of Computer Science and Information Engineering National Cheng Kung University,
1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: 2009.9.1 Publisher/Conf.

1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: Publisher/Conf.
An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.
Pipelined Architecture For Multi-String Match Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Pipelined Architecture For Multi-String Match Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.
Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,
High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.
Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.

Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.

Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.
Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.
Accelerating Multipattern Matching on Compressed HTTP Traffic Published in : IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 20, NO. 3, JUNE 2012 Authors : Bremler-Barr,

Accelerating Multipattern Matching on Compressed HTTP Traffic Published in : IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 20, NO. 3, JUNE 2012 Authors : Bremler-Barr,

Similar presentations

Ads by Google