The Experts below are selected from a list of 3528 Experts worldwide ranked by ideXlab platform
David Hay - One of the best experts on this subject based on the ideXlab platform.
-
Deep Packet Inspection as a service
10th ACM International Conference on Emerging Networking Experiments and Technologies, CoNEXT 2014, 2014Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David Hay, Yaron KoralAbstract:Middleboxes play a major role in contemporary networks, as forwarding Packets is often not enough to meet operator demands, and other functionalities (such as security, QoS/QoE provisioning, and load balancing) are required. Traffic is usually routed through a sequence of such middleboxes, which either reside across the network or in a single, consolidated location. Although middleboxes provide a vast range of different capabilities, there are components that are shared among many of them. A task common to almost all middleboxes that deal with L7 protocols is Deep Packet Inspection (DPI). Today, traffic is inspected from scratch by all the middleboxes on its route. In this paper, we propose to treat DPI as a service to the middleboxes, implying that traffic should be scanned only once, but against the data of all middleboxes that use the service. The DPI service then passes the scan results to the appropriate middleboxes. Having DPI as a service has significant advantages in performance, scalability, robustness, and as a catalyst for innovation in the middlebox domain. Moreover, technologies and solutions for current Software Defined Networks (SDN) (e.g., SIMPLE [41]) make it feasible to implement such a service and route traffic to and from its instances. © 2014 ACM.
-
space time tradeoffs in software based Deep Packet Inspection
High Performance Switching and Routing, 2011Co-Authors: Anat Bremlerbarr, YOTAM HARCHOL, David HayAbstract:Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each Packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the Packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
-
HPSR - Space-time tradeoffs in software-based Deep Packet Inspection
2011 IEEE 12th International Conference on High Performance Switching and Routing, 2011Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David HayAbstract:Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each Packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the Packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
Anat Bremler-barr - One of the best experts on this subject based on the ideXlab platform.
-
Deep Packet Inspection as a service
10th ACM International Conference on Emerging Networking Experiments and Technologies, CoNEXT 2014, 2014Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David Hay, Yaron KoralAbstract:Middleboxes play a major role in contemporary networks, as forwarding Packets is often not enough to meet operator demands, and other functionalities (such as security, QoS/QoE provisioning, and load balancing) are required. Traffic is usually routed through a sequence of such middleboxes, which either reside across the network or in a single, consolidated location. Although middleboxes provide a vast range of different capabilities, there are components that are shared among many of them. A task common to almost all middleboxes that deal with L7 protocols is Deep Packet Inspection (DPI). Today, traffic is inspected from scratch by all the middleboxes on its route. In this paper, we propose to treat DPI as a service to the middleboxes, implying that traffic should be scanned only once, but against the data of all middleboxes that use the service. The DPI service then passes the scan results to the appropriate middleboxes. Having DPI as a service has significant advantages in performance, scalability, robustness, and as a catalyst for innovation in the middlebox domain. Moreover, technologies and solutions for current Software Defined Networks (SDN) (e.g., SIMPLE [41]) make it feasible to implement such a service and route traffic to and from its instances. © 2014 ACM.
-
Space efficient Deep Packet Inspection of compressed web traffic
Computer Communications, 2012Co-Authors: Yehuda Afek, Anat Bremler-barr, Yaron KoralAbstract:In this paper we focus on the process of Deep Packet Inspection of compressed web traffic. The major limiting factor in this process imposed by the compression, is the high memory requirements of 32KB per connection. This leads to the requirements of hundreds of megabytes to gigabytes of main memory on a multi-connection setting. We introduce new algorithms and techniques that drastically reduce this space requirement for such bump-in-the-wire devices like security and other content based networking tools. Our proposed scheme improves both space and time performance by almost 80% and over 40% respectively, thus making real-time compressed traffic Inspection a viable option for networking devices.
-
HPSR - Space-time tradeoffs in software-based Deep Packet Inspection
2011 IEEE 12th International Conference on High Performance Switching and Routing, 2011Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David HayAbstract:Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each Packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the Packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
Yaw-chung Chen - One of the best experts on this subject based on the ideXlab platform.
-
a hybrid cpu gpu pattern matching algorithm for Deep Packet Inspection
PLOS ONE, 2015Co-Authors: Chun Liang Lee, Yishan Lin, Yaw-chung ChenAbstract:The large quantities of data now being transferred via high-speed networks have made Deep Packet Inspection indispensable for security purposes. Scalable and low-cost signature-based network intrusion detection systems have been developed for Deep Packet Inspection for various software platforms. Traditional approaches that only involve central processing units (CPUs) are now considered inadequate in terms of Inspection speed. Graphic processing units (GPUs) have superior parallel processing power, but transmission bottlenecks can reduce optimal GPU efficiency. In this paper we describe our proposal for a hybrid CPU/GPU pattern-matching algorithm (HPMA) that divides and distributes the Packet-inspecting workload between a CPU and GPU. All Packets are initially inspected by the CPU and filtered using a simple pre-filtering algorithm, and Packets that might contain malicious content are sent to the GPU for further Inspection. Test results indicate that in terms of random payload traffic, the matching speed of our proposed algorithm was 3.4 times and 2.7 times faster than those of the AC-CPU and AC-GPU algorithms, respectively. Further, HPMA achieved higher energy efficiency than the other tested algorithms.
-
A hybrid CPU/GPU pattern-matching algorithm for Deep Packet Inspection
PLoS ONE, 2015Co-Authors: Chun Liang Lee, Ying-dar Lin, Yaw-chung ChenAbstract:The large quantities of data now being transferred via high-speed networks have made Deep Packet Inspection indispensable for security purposes. Scalable and low-cost signature-based network intrusion detection systems have been developed for Deep Packet Inspection for various software platforms. Traditional approaches that only involve central processing units (CPUs) are now considered inadequate in terms of Inspection speed. Graphic processing units (GPUs) have superior parallel processing power, but transmission bottlenecks can reduce optimal GPU efficiency. In this paper we describe our proposal for a hybrid CPU/GPU pattern-matching algorithm (HPMA) that divides and distributes the Packet-inspecting workload between a CPU and GPU. All Packets are initially inspected by the CPU and filtered using a simple pre-filtering algorithm, and Packets that might contain malicious content are sent to the GPU for further Inspection. Test results indicate that in terms of random payload traffic, the matching speed of our proposed algorithm was 3.4 times and 2.7 times faster than those of the AC-CPU and AC-GPU algorithms, respectively. Further, HPMA achieved higher energy efficiency than the other tested algorithms.
YOTAM HARCHOL - One of the best experts on this subject based on the ideXlab platform.
-
Deep Packet Inspection as a service
10th ACM International Conference on Emerging Networking Experiments and Technologies, CoNEXT 2014, 2014Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David Hay, Yaron KoralAbstract:Middleboxes play a major role in contemporary networks, as forwarding Packets is often not enough to meet operator demands, and other functionalities (such as security, QoS/QoE provisioning, and load balancing) are required. Traffic is usually routed through a sequence of such middleboxes, which either reside across the network or in a single, consolidated location. Although middleboxes provide a vast range of different capabilities, there are components that are shared among many of them. A task common to almost all middleboxes that deal with L7 protocols is Deep Packet Inspection (DPI). Today, traffic is inspected from scratch by all the middleboxes on its route. In this paper, we propose to treat DPI as a service to the middleboxes, implying that traffic should be scanned only once, but against the data of all middleboxes that use the service. The DPI service then passes the scan results to the appropriate middleboxes. Having DPI as a service has significant advantages in performance, scalability, robustness, and as a catalyst for innovation in the middlebox domain. Moreover, technologies and solutions for current Software Defined Networks (SDN) (e.g., SIMPLE [41]) make it feasible to implement such a service and route traffic to and from its instances. © 2014 ACM.
-
space time tradeoffs in software based Deep Packet Inspection
High Performance Switching and Routing, 2011Co-Authors: Anat Bremlerbarr, YOTAM HARCHOL, David HayAbstract:Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each Packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the Packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
-
HPSR - Space-time tradeoffs in software-based Deep Packet Inspection
2011 IEEE 12th International Conference on High Performance Switching and Routing, 2011Co-Authors: Anat Bremler-barr, YOTAM HARCHOL, David HayAbstract:Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each Packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the Packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
Xiaohua Jia - One of the best experts on this subject based on the ideXlab platform.
-
SCC@AsiaCCS - Enabling Secure and Dynamic Deep Packet Inspection in Outsourced Middleboxes
Proceedings of the 6th International Workshop on Security in Cloud Computing, 2018Co-Authors: Yu Guo, Cong Wang, Xiaohua JiaAbstract:Outsourced middlebox services have been a natural trend in modern enterprise networks to handle advanced traffic processing such as Deep Packet Inspection, traffic classification, and load balancing. However, traffic redirection to outsourced middleboxes raises new security and privacy concerns, as this service model gives cloud providers full access to all the enterprise's traffic flows and proprietary middlebox rules. To ease these concerns, recent efforts are made to design secure middlebox services that can directly function over encrypted traffic and middlebox rules. But security concerns from dynamic network functions like stateful Deep Packet Inspection and firewall rule updates are still not yet fully addressed. In this paper, we first propose a practical system architecture for outsourced middleboxes to perform dynamic Deep Packet Inspection with forward and backward privacy. That is, newly added rules cannot be linked to previous Inspection results, and deleted rules remain inaccessible to the server. Several recent papers have shown that it is a strong property that makes adaptive attacks less effective. Furthermore, we provide a generic solution that handles stateful Inspection while still ensuring the state privacy protection. Rigorous analysis and prototype evaluations demonstrate the security, efficiency, and effectiveness of the design.
