Research On Content Filtering Systems For Compressed Network Traffics

With the rapid development of the network,the network scales and network traffics are gradually increasing,but also brings various security risks,such as various means of attack,causing a huge potential danger to network security.Content filtering can effectively perform network traffics management and monitoring,and is widely used in the field of network security.Compressed network traffics can improve transmission efficiency and reduce bandwidth usage,and the portion of compressed traffics of network traffics is increasing at present,so how to handle compressed traffics with high performance is of great significance.Therefore,research on content filtering systems for compressed network traffics is highly valued in both academic and application fields.Content filtering systems that work on network traffics are called deep packet inspection,and its core method is to perform deep protocol analysis and content inspection on data packets.For compressed traffics,the traditional method needs to decompress them before performing content inspection,but this method generates a large amount of space occupation and time overhead,which cannot meet the real-time requirement of the detection.Therefore,there is much room for improvement in deep packet inspection for compressed traffics.In addition,with the rapid development and popularization of emerging parallel processing hardware platforms such as multi-core and GPU,how to apply these hardware in content filtering systems for compressed network traffics is a hot issue in current research.In view of the above problems,this paper does the following wok: Firstly,this paper implements a content filtering algorithm on SDCH compression protocol,which can detect the traffics without decompressing them first.So it can improve the detection efficiency by about 40% compared with the traditional matching detectionalgorithm by experiments.At the same time,introducing DAT multi-pattern matching algorithm to implement the pattern matching on SDCH,and the method based on hierarchical traversal is used to construct a double array for scanning,which reduces time overhead and space occupation.Secondly,it is proposed to introduce parallel processing in content filtering systems for compressed traffics,and a compressed traffics parallel content filtering system based on OpenMP is designed and implemented,which can effectively solve the detection requirement under high-speed traffics.When multiple sessions arrive at the same time,the system adopts a guided scheduling strategy,and use multi-threaded programs to simultaneously process multiple sessions,which can effectively improve the detection efficiency,and improve the real-time and concurrency performance of the system.The superiority of the parallel optimized algorithm in the detection speed is verified by experiments.Thirdly,it should be simulated in the real network environment and test the detection performance of the algorithm in the real network environment.Based on Libpcap,the network message recovery is realized in this paper,and the size of the network data traffic is controlled by the program script,so the matching detection for compressed netwok traffics in the real network environment is realized.The experimental results show that the system can efficiently filter the content of network packets.