High-Speed Application Protocol Parsing and Extraction for Deep Flow Inspection

Liu, Alex X.; Meiners, Chad R.; Norige, Eric; Torng, Eric

doi:10.1109/jsac.2014.2358817

Cited by 17 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Different services have different states on session connection or data flow [10]. A. X. Liu et al proposed a framework for automated online application protocol field extraction of DFI, which can effectively reduce the resources occupied by DFI and improve the running speed of the classifier [11].…”

Section: Related Workmentioning

confidence: 99%

Research on Intelligent Configuration Method of Mine IoT Communication Resources Based on Data Flow Behavior

Meng

2020

IEEE Access

View full text Add to dashboard Cite

In order to ensure production safety and improve production efficiency, mining enterprises are constantly accelerating the construction of mine Internet of Things systems. In the context of a substantial increase in the number of devices with network communication capabilities in the mine, the mine network communication facilities are under tremendous pressure. We propose a device business classifier based on convolutional neural networks to improve the service quality of mine network communication infrastructure. The classifier uses wavelet transform to extract the data flow and construct behavior characteristics to classify device business categories. According to the classification results, the system flexibly adjusts the parameters of network services provided to the terminal equipment. In this way, the network resources of the system can be allocated reasonably. We evaluate the performance of the classifier model through the test data set. The performance evaluation results show that the comprehensive recognition rate of the classifier model reaches 97.2%. We optimize and adjust the classifier model according to the hardware environment in which the classifier is actually deployed.

show abstract

Section: Related Workmentioning

confidence: 99%

Research on Intelligent Configuration Method of Mine IoT Communication Resources Based on Data Flow Behavior

Meng

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In FPGA box, both OpenFunction script and pseudo language are translated to the special C/C++ code: the specification is translated to the top level block (composed by a call graph among low level blocks), while each pseudo language based action definition is translated to a low level block. The translation of data plane IPSEC specification (Algorithm 1) as shown in Algorithm 6, requires (1) defining the inter-link between functional actions (i.e., [5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20]; and (2) using direct function calls to represent actions (e.g., . Note that in FPGA platform, we implement all parameters as action attributes, which are controlled by its corresponding CP process.…”

Section: Script Supportmentioning

confidence: 99%

“…P4 improves OpenFlow by allowing users to extract customized packet header fields. However, many middleboxes, such as application firewalls and IPSes, need to match packet payload against signatures [8]. Third, the table abstraction in OpenFlow/P4 is fundamentally incapable of modeling the function of scheduling.…”

Section: Introductionmentioning

confidence: 99%

OpenFunction: Data Plane Abstraction for Software-Defined Middleboxes

Tian¹,

Liu²,

Munir³

et al. 2016

Preprint

Self Cite

View full text Add to dashboard Cite

The state-of-the-art OpenFlow technology only partially realized SDN vision of abstraction and centralization for packet forwarding in switches. OpenFlow/P4 falls short in implementing middlebox functionalities due to the fundamental limitation in its match-action abstraction. In this paper, we advocate the vision of Software-Defined Middleboxes (SDM) to realize abstraction and centralization for middleboxes. We further propose OpenFunction, an SDM reference architecture and a network function abstraction layer. Our SDM architecture and Open-Function abstraction are complementary to existing SDN and Network Function Virtualization (NFV) technologies. SDM complements SDN as SDM realizes abstraction and centralization for middleboxes, whereas SDN realizes those for switches. OpenFunction complements OpenFlow as OpenFunction addresses network functions whereas OpenFlow addresses packet forwarding. SDM also complements NFV in that SDM gives NFV the ability to use heterogenous hardware platforms with various hardware acceleration technologies.

show abstract

“…The traditional traffic identification methods include the deep packet inspection [2][3][4][5] and the deep flow inspection. [6][7][8] For the encryption traffic identification, the traditional identification method was faced with a series of issues. Moreover, it was difficult to match the encryption protocol by the load information, and it was easily affected by the upgrade of the protocol.…”

Section: Introductionmentioning

confidence: 99%

Online and automatic identification of encryption network behaviors in big data environment

Zhu

2018

Concurrency and Computation

View full text Add to dashboard Cite

To handle the difficulty in identifying encrypted network traffic in big data environment, a fast and online identification method for encryption network behaviors was proposed. Twitter audios, messages, videos, images, and other encrypted network behaviors were deeply studied in big data environment, and the features were extracted from a lot of encryption network behaviors, and the model database based on the correlation coefficient was established by these features, and the correlation coefficient between the network interactive data and the model database was calculated by acquiring the network interactive data at real time. The reference distance will be proposed and used to eliminate the noise of similar traffic sets; at last, the automatic and online identification of encryption network behaviors based on correlation coefficient and reference distance in big data environment were implemented by combination with the classification threshold, and the online identification rate was about 93% by this method, and the experiment results show the proposed method is applicable and effective.

show abstract

High-Speed Application Protocol Parsing and Extraction for Deep Flow Inspection

Cited by 17 publications

References 14 publications

Research on Intelligent Configuration Method of Mine IoT Communication Resources Based on Data Flow Behavior

Research on Intelligent Configuration Method of Mine IoT Communication Resources Based on Data Flow Behavior

OpenFunction: Data Plane Abstraction for Software-Defined Middleboxes

Online and automatic identification of encryption network behaviors in big data environment

Contact Info

Product

Resources

About