상세정보
학술지
PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording
- 발행일
- 201612
- 출처
- IEEE Network, v.30 no.6, pp.42-48
- ISSN
- 0890-8044
- 출판사
- IEEE
- 협약과제
- 16MH2200, 사이버 공격의 사전 사후 대응을 위한 사이버 블랙박스 및 통합 사이버보안 상황분석 기술 개발, 김종현
- 초록
- Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate redundant contents over multiple packets. Unlike previous work, our proposed scheme is designed for packet-level de-duplication to support any kinds of network from the current Internet to emerging networks. We also present a new fast chunking method and a new indexing scheme that enable multiple engine instances to execute in parallel. We implement the de-duplication engine, and experimental results show that our proposed scheme can remove up to 65 percent of the packet contents in a real campus network. We also confirm that its throughput scalably increases with the number of CPU cores, which means that the proposed scheme can be implemented in a wide range of computing devices from small home gateways to high-end servers.
- KSP 제안 키워드
- Campus Network, Home gateway, Indexing scheme, Network Forensics, Protocol-independent, Storage system, Wide range, de-duplication