2759

Improved Compressed Data Security Scanning

Hay-Saikevich David, HUJI, School of Computer Science and Engineering, Computer Science

Fast Online Deep Packet Inspection (DPI)

tamir_huberman_-_david_hay.jpg

Categories

Computer Science & Engineering, Web Technologies, Internet Security

Development Stage

Proof of concept – algorithm complete; Seeking industrial cooperation to implement the system 

Highlights

  • Network security requires the inspection of data packets for protocol non-compliance, viruses, spam, intrusions, or other predefined security-linked criteria.
  • Usually carried out by a network device performing Deep Packet Inspection (DPI) of a packet.
  • DPI consists of inspecting both the packet header and payload and alerting when signatures of malicious software, identified through pattern matching algorithms, appear in the traffic.
  • In order to save bandwidth and to speed up web browsing, most major sites use traffic compression which poses a challenge for performing DPI.

Our Innovation

Novel pattern matching algorithm that inspects Shared Dictionary Compression over HTTP (SDCH)-compressed traffic without need for decompression

Key Features

  • Algorithm operates in two phases, the offline phase and the online phase.
  • The offline phase starts when the device gets the dictionary.
  • The offline phase consists of inspection of the shared dictionary common to all SDCH-compressed traffic.
  • In the offline phase, auxiliary information is marked to speed up the online DPI inspection.
  • Upon receiving the delta file, which is unique to each compressed file, it is scanned online.
  • System skips up to 99% of the referenced data and gains up to 56% improvement in the performance of the multi-patterns matching algorithm, as compared with scanning the plain text directly, that is, it works almost at the rate of the compressed traffic, implying a speed gain of SDCH’s compression ratio.
  • Low memory footprint so algorithm can be easily deployed in current environments.

Development Milestones

  • Seeking industrial cooperation to implement the system

The Opportunity

  • Algorithm can run within a security tool that performs DPI, deployed with a pattern matching algorithm.
  • Can run in a single user environment, such as PC, tablet, or cellular phone

Patent Status

Granted US 9,280,600

Contact for more information:

Aviv Shoher
SVP BUSINESS DEVELOPMENT
+972-2-6586635
Contact ME:
Image CAPTCHA