TY - GEN
T1 - Shift-based pattern matching for compressed web traffic
AU - Bremler-Barr, Anat
AU - Koral, Yaron
AU - Zigdon, Victor
PY - 2011
Y1 - 2011
N2 - Compressing web traffic using standard GZIP is becoming both popular and challenging due to the huge increase in wireless web devices, where bandwidth is limited. Security and other content based networking devices are required to decompress the traffic of tens of thousands concurrent connections in order to inspect the content for different signatures. The overhead imposed by the decompression inhibits most devices from handling compressed traffic, which in turn either limits traffic compression or introduces security holes and other dysfunctionalities. The ACCH algorithm [1] was the first to present a unified approach to pattern matching and decompression, by taking advantage of information gathered in the decompression phase to accelerate the pattern matching. ACCH accelerated the DFA-based Aho-Corasick multi-pattern matching algorithm. In this paper, we present a novel algorithm, SPC (Shift-based Pattern matching for Compressed traffic) that accelerates the commonly used Wu-Manber pattern matching algorithm. SPC is simpler and has higher throughput and lower storage overhead than ACCH. Analysis of real web traffic and real security devices signatures shows that we can skip scanning up to 87.5% of the data and gain performance boost of more than 51% as compared to ACCH. Moreover, the additional storage requirement of the technique requires only 4KB additional information per connection as compared to 8KB of ACCH.
AB - Compressing web traffic using standard GZIP is becoming both popular and challenging due to the huge increase in wireless web devices, where bandwidth is limited. Security and other content based networking devices are required to decompress the traffic of tens of thousands concurrent connections in order to inspect the content for different signatures. The overhead imposed by the decompression inhibits most devices from handling compressed traffic, which in turn either limits traffic compression or introduces security holes and other dysfunctionalities. The ACCH algorithm [1] was the first to present a unified approach to pattern matching and decompression, by taking advantage of information gathered in the decompression phase to accelerate the pattern matching. ACCH accelerated the DFA-based Aho-Corasick multi-pattern matching algorithm. In this paper, we present a novel algorithm, SPC (Shift-based Pattern matching for Compressed traffic) that accelerates the commonly used Wu-Manber pattern matching algorithm. SPC is simpler and has higher throughput and lower storage overhead than ACCH. Analysis of real web traffic and real security devices signatures shows that we can skip scanning up to 87.5% of the data and gain performance boost of more than 51% as compared to ACCH. Moreover, the additional storage requirement of the technique requires only 4KB additional information per connection as compared to 8KB of ACCH.
UR - http://www.scopus.com/inward/record.url?scp=80052756070&partnerID=8YFLogxK
U2 - 10.1109/HPSR.2011.5986030
DO - 10.1109/HPSR.2011.5986030
M3 - منشور من مؤتمر
SN - 9781424484560
T3 - 2011 IEEE 12th International Conference on High Performance Switching and Routing, HPSR 2011
SP - 222
EP - 229
BT - 2011 IEEE 12th International Conference on High Performance Switching and Routing, HPSR 2011
T2 - 2011 IEEE 12th International Conference on High Performance Switching and Routing, HPSR 2011
Y2 - 4 July 2011 through 6 July 2011
ER -