Provided by: University of Miami School of Business Administration
Date Added: Dec 2012
Opaque traffic, i.e., traffic that is compressed or encrypted, incurs particularly high overhead for deep packet inspection engines and often yields little or no useful information. The authors' experiments indicate that an astonishing 89% of payload-carrying TCP packets (and 86% of bytes transmitted) are opaque, forcing the authors to consider the challenges this class of traffic presents for network security, both in the short term and, as the proportion of opaque traffic continues to rise, in the future. They provide a first step toward addressing some of these challenges by introducing new techniques for accurate real-time winnowing, or filtering, of such traffic, based on the intuition that the distribution of byte values found in opaque traffic will differ greatly from that found in transparent traffic.
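
The byte-distribution intuition described above, as an added illustration that is not the authors' technique or code: a chi-square test of the high-nibble counts in a payload prefix against a uniform model, used to decide which payloads to hand to the inspection engine. The 64-byte prefix, the 16 bins, the cut-off of 50 and all sample payloads are assumptions constructed for this example.

```python
import hashlib
from collections import Counter

PREFIX_LEN = 64   # assumed: judge a packet from its first 64 payload bytes
BINS = 16         # bucket each byte by its high nibble
# Assumed cut-off. For uniform bytes the statistic follows chi-square with
# 15 degrees of freedom (0.1% critical value is about 37.7); 50 is looser.
THRESHOLD = 50.0


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of high-nibble counts against a uniform model."""
    counts = Counter(b >> 4 for b in data)
    expected = len(data) / BINS
    return sum((counts.get(k, 0) - expected) ** 2 / expected for k in range(BINS))


def is_opaque(payload: bytes) -> bool:
    """True when the payload prefix is consistent with uniform byte values."""
    prefix = payload[:PREFIX_LEN]
    if len(prefix) < PREFIX_LEN:
        return False  # too little data to judge: leave it for inspection
    return chi_square_uniform(prefix) <= THRESHOLD


def winnow(payloads):
    """Keep only the payloads worth handing to the DPI engine."""
    return [p for p in payloads if not is_opaque(p)]


def keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(b"constructed-sample" + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample payloads, not captured traffic.
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                b"User-Agent: curl/8.0\r\nAccept: */*\r\n\r\n")
ENCRYPTED = keystream(256)
SHORT = b"\x16\x03\x01"

if __name__ == "__main__":
    for name, p in [("http", HTTP_REQUEST), ("encrypted", ENCRYPTED), ("short", SHORT)]:
        print(name, "opaque" if is_opaque(p) else "transparent")
```

Text protocols concentrate their bytes in a few high nibbles (0x2, 0x6 and 0x7 for the HTTP request here), which is why the statistic separates them from encrypted data even on a short prefix.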