Biblio

Found 7470 results

Filters: Keyword is pubcrawl
2020-07-03
Libicki, Martin.  2019.  For a Baltic Cyberspace Alliance? 2019 11th International Conference on Cyber Conflict (CyCon). 900:1—14.
In NATO, an attack on one is an attack on all. In recent years, this tenet has been extended to mean that a cyberattack on one is a cyberattack on all. But does what makes sense in the physical world also make sense if extended into cyberspace? And if there is virtue in collective cyberspace defense, is NATO necessarily the right grouping - in a world where, as far as the United States and the United Kingdom are concerned, more of what constitutes cyber defense circulates within the Five Eyes coalition rather than within NATO? To explore these issues, this essay moots the creation of a Baltic-area cyberspace alliance, considers what it would do, assesses its costs and benefits for its members, and concludes by considering whether such an alliance would also be in the interest of the U.S. Keys to this discussion are (1) the distinction between what constitutes an “attack” in a medium where occupation may result and actions in media where occupation is (currently) meaningless and effects almost always reversible, (2) what collective defense should mean in cyberspace - and where responsibilities may be best discharged within the mix of hardness, pre-emption, and deterrence that constitute defense, (3) the relationship between cyberspace defense and information warfare defense, and (4) the relevance to alliance formation of the fact that while war is dull, dirty, and dangerous, cyber war is none of these three.
Fitwi, Alem, Chen, Yu, Zhu, Sencun.  2019.  A Lightweight Blockchain-Based Privacy Protection for Smart Surveillance at the Edge. 2019 IEEE International Conference on Blockchain (Blockchain). :552—555.
Witnessing the increasingly pervasive deployment of security video surveillance systems (VSS), more and more individuals have become concerned with the issues of privacy violations. While the majority of the public have a favorable view of surveillance in terms of crime deterrence, individuals do not accept the invasive monitoring of their private life. To date, however, there is not a lightweight and secure privacy-preserving solution for video surveillance systems. The recent success of blockchain (BC) technologies and their applications in the Internet of Things (IoT) shed a light on this challenging issue. In this paper, we propose a Lightweight, Blockchain-based Privacy protection (Lib-Pri) scheme for surveillance cameras at the edge. It enables the VSS to perform surveillance without compromising the privacy of people captured in the videos. The Lib-Pri system transforms the deployed VSS into a system that functions as a federated blockchain network capable of carrying out integrity checking, blurring keys management, feature sharing, and video access sanctioning. The policy-based enforcement of privacy measures is carried out at the edge devices for real-time video analytics without cluttering the network.
Bao, Xianglin, Su, Cheng, Xiong, Yan, Huang, Wenchao, Hu, Yifei.  2019.  FLChain: A Blockchain for Auditable Federated Learning with Trust and Incentive. 2019 5th International Conference on Big Data Computing and Communications (BIGCOM). :151—159.
Federated learning (abbreviated as FL), recently proposed by Google, is a privacy-preserving method to integrate distributed data trainers. FL is extremely useful due to its ensuring privacy, lower latency, less power consumption and smarter models, but it could fail if multiple trainers abort training or send malformed messages to their partners. Such misbehaviors are not auditable, and the parameter server may compute incorrectly due to a single point of failure. Furthermore, FL has no incentive to attract sufficient distributed training data and computation power. In this paper, we propose FLChain to build a decentralized, publicly auditable and healthy FL ecosystem with trust and incentive. FLChain replaces the traditional FL parameter server, whose computation result must be consensual on-chain. Our work is not trivial when it is vital and hard to provide enough incentive and deterrence to distributed trainers. We achieve model commercialization by providing a healthy marketplace for collaborative-training models. An honest trainer can gain a fairly partitioned profit from a well-trained model according to its contribution, and malicious trainers can be detected in a timely manner and heavily punished. To reduce the time cost of misbehavior detection and model query, we design DDCBF for accelerating the query of blockchain-documented information. Finally, we implement a prototype of our work and measure the cost of various operations.
Usama, Muhammad, Asim, Muhammad, Qadir, Junaid, Al-Fuqaha, Ala, Imran, Muhammad Ali.  2019.  Adversarial Machine Learning Attack on Modulation Classification. 2019 UK/ China Emerging Technologies (UCET). :1—4.
Modulation classification is an important component of cognitive self-driving networks. Recently many ML-based modulation classification methods have been proposed. We have evaluated the robustness of 9 ML-based modulation classifiers against the powerful Carlini & Wagner (C-W) attack and showed that the current ML-based modulation classifiers do not provide any deterrence against adversarial ML examples. To the best of our knowledge, we are the first to report the results of the application of the C-W attack for creating adversarial examples against various ML models for modulation classification.
Straub, Jeremy.  2019.  Cyber Mutual Assured Destruction as a System of Systems and the Implications for System Design. 2019 14th Annual Conference System of Systems Engineering (SoSE). :137—139.
Mutual assured destruction is a Cold War era principle of deterrence through causing your enemy to fear that you can destroy them to at least the same extent that they can destroy you. It is based on the threat of retaliation and requires systems that can either be triggered after an enemy attack is launched and before the destructive capability is destroyed or systems that can survive an initial attack and be launched in response. During the Cold War, the weapons of mutual assured destructions were nuclear. However, with the incredible reliance on computers for everything from power generation control to banking to agriculture logistics, a cyber attack mutual assured destruction scenario is plausible. This paper presents this concept and considers the deterrent need, to prevent such a crippling attack from ever being launched, from a system of systems perspective.
Arif, Syed Waqas, Coskun, Adem, Kale, Izzet.  2019.  A Fully Adaptive Lattice-based Notch Filter for Mitigation of Interference in GPS. 2019 15th Conference on Ph.D Research in Microelectronics and Electronics (PRIME). :217—220.
Intentional interference presents a major threat to the operation of the Global Navigation Satellite Systems. Adaptive notch filtering provides an excellent countermeasure and deterrence against narrowband interference. This paper presents a comparative performance analysis of two adaptive notch filtering algorithms for GPS specific applications which are based on Direct form Second Order and Lattice-Based notch filter structures. Performance of each algorithm is evaluated considering the ratio of jamming to noise density against the effective signal to noise ratio at the output of the correlator. A fully adaptive lattice notch filter is proposed, which is able to simultaneously adapt its coefficients to alter the notch frequency along with the bandwidth of the notch filter. The filter demonstrated a superior tracking performance and convergence rate in comparison to an existing algorithm taken from the literature. Moreover, this paper describes the complete GPS modelling platform implemented in Simulink too.
Giles, Keir, Hartmann, Kim.  2019.  “Silent Battle” Goes Loud: Entering a New Era of State-Avowed Cyber Conflict. 2019 11th International Conference on Cyber Conflict (CyCon). 900:1—13.
The unprecedented transparency shown by the Netherlands intelligence services in exposing Russian GRU officers in October 2018 is indicative of a number of new trends in state handling of cyber conflict. US public indictments of foreign state intelligence officials, and the UK's deliberate provision of information allowing the global media to “dox” GRU officers implicated in the Salisbury poison attack in early 2018, set a precedent for revealing information that previously would have been confidential. This is a major departure from previous practice where the details of state-sponsored cyber attacks would only be discovered through lengthy investigative journalism (as with Stuxnet) or through the efforts of cybersecurity corporations (as with Red October). This paper uses case studies to illustrate the nature of this departure and consider its impact, including potentially substantial implications for state handling of cyber conflict. The paper examines these implications, including:
· The effect of transparency on perception of conflict. Greater public knowledge of attacks will lead to greater public acceptance that countermeasures should be taken. This may extend to public preparedness to accept that a state of declared or undeclared war exists with a cyber aggressor.
· The resulting effect on legality. This adds a new element to the long-running debates on the legality of cyber attacks or counter-attacks, by affecting the point at which a state of conflict is politically and socially, even if not legally, judged to exist.
· The further resulting effect on permissions and authorities to conduct cyber attacks, in the form of adjustment to the glaring imbalance between the means and methods available to aggressors (especially those who believe themselves already to be in conflict) and defenders. Greater openness has already intensified public and political questioning of the restraint shown by NATO and EU nations in responding to Russian actions; this trend will continue.
· Consequences for deterrence, both specifically within cyber conflict and also more broadly deterring hostile actions.
In sum, the paper brings together the direct and immediate policy implications, for a range of nations and for NATO, of the new apparent policy of transparency.
Bhandari, Chitra, Kumar, Sumit, Chauhan, Sudha, Rahman, M A, Sundaram, Gaurav, Jha, Rajib Kumar, Sundar, Shyam, Verma, A R, Singh, Yashvir.  2019.  Biomedical Image Encryption Based on Fractional Discrete Cosine Transform with Singular Value Decomposition and Chaotic System. 2019 International Conference on Computing, Power and Communication Technologies (GUCON). :520—523.
In this paper, new image encryption based on singular value decomposition (SVD), fractional discrete cosine transform (FrDCT) and the chaotic system is proposed for the security of medical image. Reliability, vitality, and efficacy of medical image encryption are strengthened by it. The proposed method discusses the benefits of FrDCT over fractional Fourier transform. The key sensitivity of the proposed algorithm for different medical images inspires us to make a platform for other researchers. Theoretical and statistical tests are carried out demonstrating the high-level security of the proposed algorithm.
Zhang, Yonghong, Zheng, Peijia, Luo, Weiqi.  2019.  Privacy-Preserving Outsourcing Computation of QR Decomposition in the Encrypted Domain. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :389—396.
Signal processing in the encrypted domain has become an important means to protect privacy in an untrusted network environment. Due to the limitations of the underlying encryption methods, many useful algorithms that are sophisticated are not well implemented. Considering that QR decomposition is widely used in many fields, in this paper, we propose to implement QR decomposition in the homomorphic encrypted domain. We first realize some necessary primitive operations in the homomorphic encrypted domain, including division and open square operation. The Gram-Schmidt process is then studied in the encrypted domain. We propose the implementation of QR decomposition in the encrypted domain by using the secure implementation of the Gram-Schmidt process. We conduct experiments to demonstrate the effectiveness and analyze the performance of the proposed outsourced QR decomposition.
Viegas, P., Borges, D., Montezuma, P., Dinis, R., Silva, M. M..  2019.  Multi-beam Physical Security Scheme: Security Assessment and Impact of Array Impairments on Security and Quality of Service. 2019 PhotonIcs Electromagnetics Research Symposium - Spring (PIERS-Spring). :2368—2375.
Massive multiple-input multiple-output (mMIMO) with perfect channel state information (CSI) can lead to array power gain increments proportional to the number of antennas. Despite this fact, constraints on power amplification still exist due to envelope variations of high order constellation signals. These constraints can be overpassed by a transmitter with several amplification branches, with each one associated to a component signal that results from the decomposition of a multilevel constellation as a sum of several quasi constant envelope signals that are sent independently. When combined with antenna arrays at the end of each amplification branch, the security improves due to the energy separation achieved by beamforming. However, to avoid distortion on the signal resulting from the combination of all components at channel level, all the beams of signal components should be directed in the same direction. In such conditions it is crucial to assess the impact of misalignments between beams associated to each user, which is the purpose of this work. The set of results presented here shows the good tolerance against misalignments of these transmission structures.
Lisova, Elena, El Hachem, Jamal, Causevic, Aida.  2019.  Investigating Attack Propagation in a SoS via a Service Decomposition. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:9—14.
The term system of systems (SoS) refers to a setup in which a number of independent systems collaborate to create a value that each of them is unable to achieve independently. The complexity of an SoS structure is higher compared to its constituent systems, which brings challenges in analyzing its critical properties such as security. An SoS can be seen as a set of connected systems or services that needs to be adequately protected. Communication between such systems or services can be considered as a service itself, and it is paramount for the establishment of an SoS as it enables connections, dependencies, and cooperation. Given that reliable and predictable communication contributes directly to the correct functioning of an SoS, communication as a service is one of the main assets to consider. Protecting it from malicious adversaries should be one of the highest priorities within SoS design and operation. This study aims to investigate the attack propagation problem in terms of service-guarantees through the decomposition into sub-services enriched with preconditions and postconditions at the service levels. Such analysis is required as a prerequisite for an efficient SoS risk assessment at the design stage of the SoS development life cycle to protect it from possibly high impact attacks capable of affecting safety of systems and humans using the system.
Xu, Yonggan, Luo, Jian, Tang, Kunming, Jiang, Jie, Gou, Xin, Shi, Jiawei, Lu, Bingwen.  2019.  Control Strategy Analysis of Grid-connected Energy Storage Converter Based on Harmonic Decomposition. 2019 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia). :1324—1329.
The three-phase grid-connected converter control strategy, which applies to the battery energy storage system, generally ignores the interference of harmonic components in the grid voltage. As a result, it is difficult to meet the practical application requirements. To deal with this problem, it is necessary to optimize and improve the traditional control strategy, taking harmonics into consideration. And its bases are analysis of the harmonic characteristics and study of its control mechanism in the grid-connected converter. This paper proposes a method of harmonic decomposition, classifies the grid voltage harmonics and explores the control mechanism in the grid-connected converter. With the help of the simulation model built by Matlab/Simulink, the comparative simulation of the energy storage control system carried out under the control of the ideal grid voltage input and the actual one, verifies the correctness of the analytical method proposed in the article.
Cai, Guang-Wei, Fang, Zhi, Chen, Yue-Feng.  2019.  Estimating the Number of Hidden Nodes of the Single-Hidden-Layer Feedforward Neural Networks. 2019 15th International Conference on Computational Intelligence and Security (CIS). :172—176.
In order to solve the problem that there is no effective means to find the optimal number of hidden nodes of single-hidden-layer feedforward neural network, in this paper, a method will be introduced to solve it effectively by using singular value decomposition. First, the training data need to be normalized strictly by attribute-based data normalization and sample-based data normalization. Then, the normalized data is decomposed based on the singular value decomposition, and the number of hidden nodes is determined according to main eigenvalues. The experimental results of MNIST data set and APS data set show that the feedforward neural network can attain satisfactory performance in the classification task.
Gupta, Arpit, Kaur, Arashdeep, Dutta, Malay Kishore, Schimmel, Jiří.  2019.  Perceptually Transparent Robust Audio Watermarking Algorithm Using Multi Resolution Decomposition Cordic QR Decomposition. 2019 42nd International Conference on Telecommunications and Signal Processing (TSP). :313—317.
This paper proposes an audio watermarking algorithm having good balance between perceptual transparency, robustness, and payload. The proposed algorithm is based on Cordic QR decomposition and multi-resolution decomposition meeting all the necessary audio watermarking design requirements. The use of Cordic QR decomposition provides good robustness and use of detailed coefficients of multi-resolution decomposition help to obtain good transparency at high payload. Also, the proposed algorithm does not require original signal or the embedded watermark for extraction. The binary data embedding capacity of the proposed algorithm is 960.4 bps and the highest SNR obtained is 35.1380 dB. The results obtained in this paper show that the proposed method has good perceptual transparency, high payload and robustness under various audio signal processing attacks.
Li, Feiyan, Li, Wei, Huo, Hongtao, Ran, Qiong.  2019.  Decision Fusion Based on Joint Low Rank and Sparse Component for Hyperspectral Image Classification. IGARSS 2019 - 2019 IEEE International Geoscience and Remote Sensing Symposium. :401—404.
Sparse and low rank matrix decomposition is a method that has recently been developed for estimating different components of hyperspectral data. The rank component is capable of preserving global data structures of data, while a sparse component can select the discriminative information by preserving details. In order to take advantage of both, we present a novel decision fusion based on joint low rank and sparse component (DFJLRS) method for hyperspectral imagery in this paper. First, we analyzed the effects of different components on classification results. Then a novel method adopts a decision fusion strategy which combines a SVM classifier with the information provided by joint sparse and low rank components. With combination of the advantages, the proposed method is both representative and discriminative. The proposed algorithm is evaluated using several hyperspectral images when compared with traditional counterparts.
Jia, Guanbo, Miller, Paul, Hong, Xin, Kalutarage, Harsha, Ban, Tao.  2019.  Anomaly Detection in Network Traffic Using Dynamic Graph Mining with a Sparse Autoencoder. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :458—465.
Network based attacks on ecommerce websites can have serious economic consequences. Hence, anomaly detection in dynamic network traffic has become an increasingly important research topic in recent years. This paper proposes a novel dynamic Graph and sparse Autoencoder based Anomaly Detection algorithm named GAAD. In GAAD, the network traffic over contiguous time intervals is first modelled as a series of dynamic bipartite graph increments. One mode projection is performed on each bipartite graph increment and the adjacency matrix derived. Columns of the resultant adjacency matrix are then used to train a sparse autoencoder to reconstruct it. The sum of squared errors between the reconstructed approximation and original adjacency matrix is then calculated. An online learning algorithm is then used to estimate a Gaussian distribution that models the error distribution. Outlier error values are deemed to represent anomalous traffic flows corresponding to possible attacks. In the experiment, a network emulator was used to generate representative ecommerce traffic flows over a time period of 225 minutes with five attacks injected, including SYN scans, host emulation and DDoS attacks. ROC curves were generated to investigate the influence of the autoencoder hyper-parameters. It was found that increasing the number of hidden nodes and their activation level, and increasing sparseness resulted in improved performance. Analysis showed that the sparse autoencoder was unable to encode the highly structured adjacency matrix structures associated with attacks, hence they were detected as anomalies. In contrast, SVD and variants, such as the compact matrix decomposition, were found to accurately encode the attack matrices, hence they went undetected.
Huijuan, Wang, Yong, Jiang, Xingmin, Ma.  2019.  Fast Bi-dimensional Empirical Mode based Multisource Image Fusion Decomposition. 2019 28th Wireless and Optical Communications Conference (WOCC). :1—4.
Bi-dimensional empirical mode decomposition can decompose the source image into several Bi-dimensional Intrinsic Mode Functions. In the process of image decomposition, interpolation is needed and the upper and lower envelopes will be drawn. However, these interpolations and the drawings of upper and lower envelopes require a lot of computation time and manual screening. This paper proposes a simple but effective method that can maintain the characteristics of the original BEMD method, and the Hermite interpolation reconstruction method is used to replace the surface interpolation, and the variable neighborhood window method is used to replace the fixed neighborhood window method. We call it fast bi-dimensional empirical mode decomposition of the variable neighborhood window method based on research characteristics, and we finally complete the image fusion. The empirical analysis shows that this method can overcome the shortcomings that the source image features and details information of BIMF component decomposed from the original BEMD method are not rich enough, and reduce the calculation time, and the fusion quality is better.
Singh, Neha, Joshi, Sandeep, Birla, Shilpi.  2019.  Suitability of Singular Value Decomposition for Image Watermarking. 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN). :983—986.
Digital images are extensively used and exchanged through internet, which gave rise to the need of establishing authorship of images. Image watermarking has provided a solution to prevent false claims of ownership of the media. Information about the owner, generally in the form of a logo, text or image is imperceptibly hid into the subject. Many transforms have been explored by the researcher community for image watermarking. Many watermarking techniques have been developed based on Singular Value Decomposition (SVD) of images. This paper analyses Singular Value Decomposition to understand its use, ability and limitations to hide additional information into the cover image for Digital Image Watermarking application.
El-Din Abd El-Raouf, Karim Alaa, Bahaa-Eldin, Ayman M., Sobh, Mohamed A..  2019.  Multipath Traffic Engineering for Software Defined Networking. 2019 14th International Conference on Computer Engineering and Systems (ICCES). :132—136.
ASA systems (firewall, IDS, IPS) are likely to become communication bottlenecks in networks with growing network bandwidths. To alleviate this issue, we suggest using an application-aware mechanism based on Deep Packet Inspection (DPI) to bypass chosen traffic around firewalls. The services of Internet video sharing gained importance and expanded their share of the multimedia market. The Internet video should meet strict service quality (QoS) criteria to make the broadcasting of broadcast television a viable and comparable level of quality. However, since the Internet video relies on packet communication, it is subject to delays, transmission failures, loss of data and bandwidth restrictions that may have a catastrophic effect on the quality of multimedia.
Danilchenko, Victor, Theobald, Matthew, Cohen, Daniel.  2019.  Bootstrapping Security Configuration for IoT Devices on Networks with TLS Inspection. 2019 IEEE Globecom Workshops (GC Wkshps). :1—7.
In the modern security-conscious world, Deep Packet Inspection (DPI) proxies are increasingly often used on industrial and enterprise networks to perform TLS unwrapping on all outbound connections. However, enabling TLS unwrapping requires local devices to have the DPI proxy Certificate Authority certificates installed. While for conventional computing devices this is addressed via enterprise management, it's a difficult problem for Internet of Things ("IoT") devices which are generally not under enterprise management, and may not even be capable of it due to their resource-constrained nature. Thus, for typical IoT devices, being installed on a network with DPI requires either manual device configuration or custom DPI proxy configuration, both of which solutions have significant shortcomings. This poses a serious challenge to the deployment of IoT devices on DPI-enabled intranets. The authors propose a solution to this problem: a method of installing on IoT devices the CA certificates for DPI proxy CAs, as well as other security configuration ("security bootstrapping"). The proposed solution respects the DPI policies, while allowing the commissioning of IoT and IIoT devices without the need for additional manual configuration either at device scope or at network scope. This is accomplished by performing the bootstrap operation over unsecured connection, and downloading certificates using TLS validation at application level. The resulting solution is light-weight and secure, yet does not require validation of the DPI proxy's CA certificates in order to perform the security bootstrapping, thus avoiding the chicken-and-egg problem inherent in using TLS on DPI-enabled intranets.
Shaout, Adnan, Crispin, Brennan.  2019.  Markov Augmented Neural Networks for Streaming Video Classification. 2019 International Arab Conference on Information Technology (ACIT). :1—7.
With the growing number of streaming services, internet providers are increasingly needing to be able to identify the types of data and content providers that are being used on their networks. Traditional methods, such as IP and port scanning, are not always available for clients using VPNs or with providers using varying IP addresses. As such, in this paper we explore a potential method using neural networks and Markov Decision Process in order to augment deep packet inspection techniques in identifying the source and class of video streaming services.
Yamauchi, Hiroaki, Nakao, Akihiro, Oguchi, Masato, Yamamoto, Shu, Yamaguchi, Saneyasu.  2019.  A Study on Service Identification Based on Server Name Indication Analysis. 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW). :470—474.
Identifying services constituting traffic from given IP network flows is essential to various applications, such as the management of quality of service (QoS) and the prevention of security issues. Typical methods for achieving this objective include identifications based on IP addresses and port numbers. However, such methods are not sufficiently accurate and require improvement. Deep Packet Inspection (DPI) is one of the most promising methods for improving the accuracy of identification. In addition, many current IP flows are encrypted using Transport Layer Security (TLS). Hence, it is necessary for identification methods to analyze flows encrypted by TLS. For that reason, a service identification method based on DPI and n-gram that focuses only on the non-encrypted parts in the TLS session establishment was proposed. However, there is room for improvement in identification accuracy because this method analyzes all the non-encrypted parts including Random Values without protocol analyses. In this paper, we propose a method for identifying the service from given IP flows based on analysis of Server Name Indication (SNI). The proposed method clusters flows according to the value of SNI and identifies services from the occurrences of all clusters. Our evaluations, which involve identifications of services on Google and Yahoo sites, demonstrate that the proposed method can identify services more accurately than the existing method.
KAO, Da-Yu.  2019.  Cybercrime Countermeasure of Insider Threat Investigation. 2019 21st International Conference on Advanced Communication Technology (ICACT). :413—418.
The threat of cybercrime is becoming increasingly complex and diverse, putting citizens' data or money in danger. Cybercrime threats often originate from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of cybercrime insider investigation presents many opportunities for actionable intelligence on improving the quality and value of digital evidence. There are several advantages of applying Deep Packet Inspection (DPI) methods in cybercrime insider investigation. This paper introduces a DPI method that can help investigators in developing new techniques and performing the digital investigation process in a forensically sound and timely manner. This paper provides a survey of packet inspection, which can be applied to cybercrime insider investigation.
Yan, Haonan, Li, Hui, Xiao, Mingchi, Dai, Rui, Zheng, Xianchun, Zhao, Xingwen, Li, Fenghua.  2019.  PGSM-DPI: Precisely Guided Signature Matching of Deep Packet Inspection for Traffic Analysis. 2019 IEEE Global Communications Conference (GLOBECOM). :1—6.
In the field of network traffic analysis, Deep Packet Inspection (DPI) technology is widely used at present. However, the increase in network traffic has brought tremendous processing pressure on the DPI. Consequently, detection speed has become the bottleneck of the entire application. In order to speed up the traffic detection of DPI, a lot of research works have been applied to improve signature matching algorithms, which is the most influential factor in DPI performance. In this paper, we present a novel method from a different angle called Precisely Guided Signature Matching (PGSM). Instead of matching packets with signature directly, we use supervised learning to automate the rules of specific protocol in PGSM. By testing the performance of a packet in the rules, the target packet could be decided when and which signatures should be matched with. Thus, the PGSM method reduces the number of aimless matches which are useless and numerous. After proposing PGSM, we build a framework called PGSM-DPI to verify the effectiveness of guidance rules. The PGSM-DPI framework consists of PGSM method and open source DPI library. The framework is running on a distributed platform with better throughput and computational performance. Finally, the experimental results demonstrate that our PGSM-DPI can reduce 59.23% original DPI time and increase 21.31% throughput. Besides, all source codes and experimental results can be accessed on our GitHub.
Ceška, Milan, Havlena, Vojtech, Holík, Lukáš, Korenek, Jan, Lengál, Ondrej, Matoušek, Denis, Matoušek, Jirí, Semric, Jakub, Vojnar, Tomáš.  2019.  Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata. 2019 IEEE 27th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). :109—117.
Deep packet inspection via regular expression (RE) matching is a crucial task of network intrusion detection systems (IDSes), which secure Internet connection against attacks and suspicious network traffic. Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware. In this paper, we describe a novel FPGA architecture for RE matching that is able to process network traffic beyond 100 Gbps. The key idea is to reduce the required FPGA resources by leveraging approximate nondeterministic FAs (NFAs). The NFAs are compiled into a multi-stage architecture starting with the least precise stage with a high throughput and ending with the most precise stage with a low throughput. To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic. Our experiments showed that using our approach, we were able to perform matching of large sets of REs from SNORT, a popular IDS, on unprecedented network speeds.