Accelerating Multi-Patterns Matching on Compressed HTTP Traffic

Free registration required

Executive Summary

One of the fundamental techniques which are used today by network security tools to detect malicious activities is 'Signature based' detection. Today, the performance of the security tools is dominated by the speed of the string-matching algorithms that detect these signatures. Currently these security tools do not deal with compressed traffic, which becomes more and more common in HTTP. HTTP protocol uses the GZIP compression, which first requires some kind of decompression phase before performing the multi-patterns matching task. Thus, there is a high performance penalty in pattern matching on compressed data.

  • Format: PDF
  • Size: 270.5 KB