Deep semantics inspection over big network data at wire speed

Deep semantics inspection (DSI), proposed in this article, reveals the semantics behind big network data on the fly. The key idea of DSI is to obtain a sketch of user behavior at wire speed, with a size several orders of magnitude smaller than that of raw data. Then semantics analysis is applied to the obtained sketch. To demonstrate the use of DSI, this article also presents several practical user scenarios leveraging on the DSI system designed.

[1]  Ming Zhang,et al.  MicroTE: fine grained traffic engineering for data centers , 2011, CoNEXT '11.

[2]  Eric Torng,et al.  FlowSifter: A counting automata approach to layer 7 field extraction for deep flow inspection , 2012, 2012 Proceedings IEEE INFOCOM.

[3]  Hao Li,et al.  MP-ROOM: Optimal Matching on Multiple PDUs for Fine-Grained Traffic Identification , 2014, IEEE Journal on Selected Areas in Communications.

[4]  Hao Li,et al.  ROOM: Rule Organized Optimal Matching for fine-grained traffic identification , 2013, 2013 Proceedings IEEE INFOCOM.

[5]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[6]  Bin Liu,et al.  NetShield: massive semantics-based vulnerability signature matching for high-speed networks , 2010, SIGCOMM '10.

[7]  Larry L. Peterson,et al.  binpac: a yacc for writing application protocol parsers , 2006, IMC '06.

[8]  Li Guo,et al.  A semantics aware approach to automated reverse engineering unknown protocols , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[9]  Hao Li,et al.  Parsing application layer protocol with commodity hardware for SDN , 2015, 2015 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).

[10]  Yuming Jiang,et al.  Online Semantic Analysis over Big Network Data , 2015, ERCIM News.