Abstract
Compressing web traffic using standard GZIP is becoming both popular and challenging due to the huge increase in wireless web devices, where bandwidth is limited. Security and other content based networking devices are required to decompress the traffic of tens of thousands concurrent connections in order to inspect the content for different signatures. The major limiting factor in this process is the high memory requirements of 32KB per connection that leads to hundreds of megabytes to gigabytes of main memory consumption. This requirement inhibits most devices from handling compressed traffic, which in turn either limits traffic compression or introduces security holes and other dysfunctionalities. In this paper we introduce new algorithms and techniques that drastically reduce this space requirement by over 80%, with only a slight increase in the time overhead, thus making real-time compressed traffic inspection a viable option for network devices.
Chapter PDF
Similar content being viewed by others
References
Bremler-Barr, A., Koral, Y.: Accelerating multi-patterns matching on compressed HTTP. In: INFOCOM 2009 (April 2009)
Hypertext transfer protocol – http/1.1, RFC 2616 (June 1999), http://www.ietf.org/rfc/rfc2616.txt.
Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Transactions on Information Theory, 337–343 (May 1977)
Huffman, D.: A method for the construction of minimum-redundancy codes. In: Proceedings of IRE, pp. 1098–1101 (1952)
zlib 1.2.5 (April 2010), http://www.zlib.net
Fisk, M., Varghese, G.: An analysis of fast string matching applied to content-based forwarding and intrusion detection. Techical Report CS2001-0670 (updated version) (2002)
Aho, A., Corasick, M.: Efficient string matching: an aid to bibliographic search. Communications of the ACM, 333–340 (1975)
Boyer, R., Moore, J.: A fast string searching algorithm. Communications of the ACM, 762–772 (October 1977)
Clam antivirus. http://www.clamav.net (version 0.82)
Snort, http://www.snort.org (accessed on May 2010).
Lin, W., Liu, B.: Pipelined parallel ac-based approach for multi-string matching. In: ICPADS (2008)
van Lunteren, J.: High-performance pattern-matching for intrusion detection. In: INFOCOM, pp. 1–13 (April 2006)
Tan, L., Sherwood, T.: Architectures for bit-split string scanning in intrusion detection. In: Micro, pp. 110–117. IEEE, Los Alamitos (2006)
Oberhumer, M.F.: LZO, http://www.oberhumer.com/opensource/lzo
Top sites (July 2010), http://www.alexa.com/topsites
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Afek, Y., Bremler-Barr, A., Koral, Y. (2011). Efficient Processing of Multi-connection Compressed Web Traffic. In: Domingo-Pascual, J., Manzoni, P., Palazzo, S., Pont, A., Scoglio, C. (eds) NETWORKING 2011. NETWORKING 2011. Lecture Notes in Computer Science, vol 6640. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20757-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-20757-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20756-3
Online ISBN: 978-3-642-20757-0
eBook Packages: Computer ScienceComputer Science (R0)