Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck ...Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic(CNT), this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic(FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volume of networks such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.展开更多
In order to describe the compressibility of traffic flows and determine the compression factors, the Mach number of gas dynamics is introduced, and the concept and the formula of the compression factor are obtained. A...In order to describe the compressibility of traffic flows and determine the compression factors, the Mach number of gas dynamics is introduced, and the concept and the formula of the compression factor are obtained. According to the concept of the compression factor and its differential equation, a stop-wave model is built. The theoretical value and the observed one are obtained by the survey data in Changchun city. The relative error between the two values is 20. 3%. The accuracy is improved 39% compared with the result from the traditional stop-wave model. The results show that the traffic flow is compressible, and the methods of research on gas compressibility is also applicable to the traffic flow. The stop-wave model obtained by the compression factor can better describe the phenomenon of the stop wave at a signalized intersection when compared with the traditional stop-wave model.展开更多
A traffic matrix is a necessary parameter fornetwork management functions,and itsupplies a flow-level view of a largescale IP-over-WDM backbone network.This paper studies the problem of traffic matrix estimationand pr...A traffic matrix is a necessary parameter fornetwork management functions,and itsupplies a flow-level view of a largescale IP-over-WDM backbone network.This paper studies the problem of traffic matrix estimationand proposes an exact traffic matrix estimation approach based on network tomography techniques.The traditional network tomography model is extended to make it compatible with compressive sensing constraints.First,a stochastic perturbation is introduced in the traditional network tomography inference model.Then,an algorithm is proposed to achieve additional optical link observations via optical bypass techniques.The obtained optical link observations are used as extensions for the perturbed network tomography model to ensure that the synthetic model can meetcompressive sensing constraints.Finally,the traffic matrix is estimated from the synthetic model by means of a compressive sensing recovery algorithm.展开更多
With the growing popularity of Internet applications and the widespread use of mobile Internet, Internet traffic has maintained rapid growth over the past two decades. Internet Traffic Archival Systems(ITAS) for pac...With the growing popularity of Internet applications and the widespread use of mobile Internet, Internet traffic has maintained rapid growth over the past two decades. Internet Traffic Archival Systems(ITAS) for packets or flow records have become more and more widely used in network monitoring, network troubleshooting, and user behavior and experience analysis. Among the three key technologies in ITAS, we focus on bitmap index compression algorithm and give a detailed survey in this paper. The current state-of-the-art bitmap index encoding schemes include: BBC, WAH, PLWAH, EWAH, PWAH, CONCISE, COMPAX, VLC, DF-WAH, and VAL-WAH. Based on differences in segmentation, chunking, merge compress, and Near Identical(NI) features, we provide a thorough categorization of the state-of-the-art bitmap index compression algorithms. We also propose some new bitmap index encoding algorithms, such as SECOMPAX, ICX, MASC, and PLWAH+, and present the state diagrams for their encoding algorithms. We then evaluate their CPU and GPU implementations with a real Internet trace from CAIDA. Finally, we summarize and discuss the future direction of bitmap index compression algorithms. Beyond the application in network security and network forensic, bitmap index compression with faster bitwise-logical operations and reduced search space is widely used in analysis in genome data, geographical information system, graph databases, image retrieval, Internet of things, etc. It is expected that bitmap index compression will thrive and be prosperous again in Big Data era since 1980s.展开更多
基金supported by China MOST project (No.2012BAH46B04)
文摘Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic(CNT), this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic(FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volume of networks such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.
基金The National Basic Research Program of China (973Pro-gram)(No.2006CB705505)
文摘In order to describe the compressibility of traffic flows and determine the compression factors, the Mach number of gas dynamics is introduced, and the concept and the formula of the compression factor are obtained. According to the concept of the compression factor and its differential equation, a stop-wave model is built. The theoretical value and the observed one are obtained by the survey data in Changchun city. The relative error between the two values is 20. 3%. The accuracy is improved 39% compared with the result from the traditional stop-wave model. The results show that the traffic flow is compressible, and the methods of research on gas compressibility is also applicable to the traffic flow. The stop-wave model obtained by the compression factor can better describe the phenomenon of the stop wave at a signalized intersection when compared with the traditional stop-wave model.
基金supported in part by the National Natural Science Foundation of China(Nos.61571104,61071124,61501105)the General Project of Scientific Research of the Education Department of Liaoning Province(No.L20150174)+2 种基金the Program for New Century Excellent Talents in University(No.NCET-11-0075)the Fundamental Research Funds for the Central Universities(Nos.N150402003,N120804004,N130504003,N150404018)the State Scholarship Fund(201208210013)
文摘A traffic matrix is a necessary parameter fornetwork management functions,and itsupplies a flow-level view of a largescale IP-over-WDM backbone network.This paper studies the problem of traffic matrix estimationand proposes an exact traffic matrix estimation approach based on network tomography techniques.The traditional network tomography model is extended to make it compatible with compressive sensing constraints.First,a stochastic perturbation is introduced in the traditional network tomography inference model.Then,an algorithm is proposed to achieve additional optical link observations via optical bypass techniques.The obtained optical link observations are used as extensions for the perturbed network tomography model to ensure that the synthetic model can meetcompressive sensing constraints.Finally,the traffic matrix is estimated from the synthetic model by means of a compressive sensing recovery algorithm.
基金supported by the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2013CB228206)the National Natural Science Foundation of China A3 Program (No. 61140320)+2 种基金the National Natural Science Foundation of China (Nos. 61233016 and 61472200)supported by the National Training Program of Innovation and Entrepreneurship for Undergraduates (Nos. 201410003033 and 201410003031)Hitachi (China) Research and Development Corporation
文摘With the growing popularity of Internet applications and the widespread use of mobile Internet, Internet traffic has maintained rapid growth over the past two decades. Internet Traffic Archival Systems(ITAS) for packets or flow records have become more and more widely used in network monitoring, network troubleshooting, and user behavior and experience analysis. Among the three key technologies in ITAS, we focus on bitmap index compression algorithm and give a detailed survey in this paper. The current state-of-the-art bitmap index encoding schemes include: BBC, WAH, PLWAH, EWAH, PWAH, CONCISE, COMPAX, VLC, DF-WAH, and VAL-WAH. Based on differences in segmentation, chunking, merge compress, and Near Identical(NI) features, we provide a thorough categorization of the state-of-the-art bitmap index compression algorithms. We also propose some new bitmap index encoding algorithms, such as SECOMPAX, ICX, MASC, and PLWAH+, and present the state diagrams for their encoding algorithms. We then evaluate their CPU and GPU implementations with a real Internet trace from CAIDA. Finally, we summarize and discuss the future direction of bitmap index compression algorithms. Beyond the application in network security and network forensic, bitmap index compression with faster bitwise-logical operations and reduced search space is widely used in analysis in genome data, geographical information system, graph databases, image retrieval, Internet of things, etc. It is expected that bitmap index compression will thrive and be prosperous again in Big Data era since 1980s.
