PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording

PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording

Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate r...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE network 2016-11, Vol.30 (6), p.42-48
Hauptverfasser: Shin, Seon-Ho, Lee, Jooyoung, Jeong, Ji-Man, Kim, HyunBong, Kim, Jong-Hyun, Kim, Ikkyun, Yoon, MyungKeun
Format: Artikel
Sprache:eng
Schlagworte:
Central processing units
Computer forensics
Computer networks
CPUs
Engines
Fingerprint recognition
Forensics
Gateways
Indexing
Information storage
Internet
Logic gates
Network security
Parallel processing
Scalability
Storage management
Surveillance
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 48
container_issue 6
container_start_page 42
container_title IEEE network
container_volume 30
creator Shin, Seon-Ho
Lee, Jooyoung
Jeong, Ji-Man
Kim, HyunBong
Kim, Jong-Hyun
Kim, Ikkyun
Yoon, MyungKeun
description Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate redundant contents over multiple packets. Unlike previous work, our proposed scheme is designed for packet-level de-duplication to support any kinds of network from the current Internet to emerging networks. We also present a new fast chunking method and a new indexing scheme that enable multiple engine instances to execute in parallel. We implement the de-duplication engine, and experimental results show that our proposed scheme can remove up to 65 percent of the packet contents in a real campus network. We also confirm that its throughput scalably increases with the number of CPU cores, which means that the proposed scheme can be implemented in a wide range of computing devices from small home gateways to high-end servers.
doi_str_mv 10.1109/MNET.2016.1600103NM
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_1846668507</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7764298</ieee_id><sourcerecordid>4272128251</sourcerecordid><originalsourceid>FETCH-LOGICAL-c297t-e606fba6d986ee9e60698daa85446e6ecfe74408a95dd710bf1cf69ba3650dd83</originalsourceid><addsrcrecordid>eNo9kNFKwzAUhoMoOKdPsJuC150nbZIm3o2tusE2h0zwLmTJ6eicTU27C9_elsluzs-B7z8HPkJGFMaUgnparfPtOAEqxlQAUEjXqysyoJzLmHLxeU0GIBXEEhi7JXdNc-ggxtNkQOabsJjlz9Ek2gTfeuuP8aJyWGM3qjaaYTw71cfSmrb0VZRX-7LCqPAh2hj7hW30jtYHV1b7e3JTmGODD_85JB8v-XY6j5dvr4vpZBnbRGVtjAJEsTPCKSkQVb8q6YyRnDGBAm2BGWMgjeLOZRR2BbWFUDuTCg7OyXRIHs936-B_Tti0-uBPoepeaiqZEEJyyDoqPVM2-KYJWOg6lN8m_GoKuleme2W6V6YvyrrW6NwqEfHSyDLBEiXTPy49Z1M</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1846668507</pqid></control><display><type>article</type><title>PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording</title><source>IEEE Electronic Library (IEL)</source><creator>Shin, Seon-Ho ; Lee, Jooyoung ; Jeong, Ji-Man ; Kim, HyunBong ; Kim, Jong-Hyun ; Kim, Ikkyun ; Yoon, MyungKeun</creator><creatorcontrib>Shin, Seon-Ho ; Lee, Jooyoung ; Jeong, Ji-Man ; Kim, HyunBong ; Kim, Jong-Hyun ; Kim, Ikkyun ; Yoon, MyungKeun</creatorcontrib><description>Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate redundant contents over multiple packets. Unlike previous work, our proposed scheme is designed for packet-level de-duplication to support any kinds of network from the current Internet to emerging networks. We also present a new fast chunking method and a new indexing scheme that enable multiple engine instances to execute in parallel. We implement the de-duplication engine, and experimental results show that our proposed scheme can remove up to 65 percent of the packet contents in a real campus network. We also confirm that its throughput scalably increases with the number of CPU cores, which means that the proposed scheme can be implemented in a wide range of computing devices from small home gateways to high-end servers.</description><identifier>ISSN: 0890-8044</identifier><identifier>EISSN: 1558-156X</identifier><identifier>DOI: 10.1109/MNET.2016.1600103NM</identifier><identifier>CODEN: IENEET</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Central processing units ; Computer forensics ; Computer networks ; CPUs ; Engines ; Fingerprint recognition ; Forensics ; Gateways ; Indexing ; Information storage ; Internet ; Logic gates ; Network security ; Parallel processing ; Scalability ; Storage management ; Surveillance</subject><ispartof>IEEE network, 2016-11, Vol.30 (6), p.42-48</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Nov-Dec 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c297t-e606fba6d986ee9e60698daa85446e6ecfe74408a95dd710bf1cf69ba3650dd83</citedby><cites>FETCH-LOGICAL-c297t-e606fba6d986ee9e60698daa85446e6ecfe74408a95dd710bf1cf69ba3650dd83</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7764298$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7764298$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Shin, Seon-Ho</creatorcontrib><creatorcontrib>Lee, Jooyoung</creatorcontrib><creatorcontrib>Jeong, Ji-Man</creatorcontrib><creatorcontrib>Kim, HyunBong</creatorcontrib><creatorcontrib>Kim, Jong-Hyun</creatorcontrib><creatorcontrib>Kim, Ikkyun</creatorcontrib><creatorcontrib>Yoon, MyungKeun</creatorcontrib><title>PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording</title><title>IEEE network</title><addtitle>NET-M</addtitle><description>Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate redundant contents over multiple packets. Unlike previous work, our proposed scheme is designed for packet-level de-duplication to support any kinds of network from the current Internet to emerging networks. We also present a new fast chunking method and a new indexing scheme that enable multiple engine instances to execute in parallel. We implement the de-duplication engine, and experimental results show that our proposed scheme can remove up to 65 percent of the packet contents in a real campus network. We also confirm that its throughput scalably increases with the number of CPU cores, which means that the proposed scheme can be implemented in a wide range of computing devices from small home gateways to high-end servers.</description><subject>Central processing units</subject><subject>Computer forensics</subject><subject>Computer networks</subject><subject>CPUs</subject><subject>Engines</subject><subject>Fingerprint recognition</subject><subject>Forensics</subject><subject>Gateways</subject><subject>Indexing</subject><subject>Information storage</subject><subject>Internet</subject><subject>Logic gates</subject><subject>Network security</subject><subject>Parallel processing</subject><subject>Scalability</subject><subject>Storage management</subject><subject>Surveillance</subject><issn>0890-8044</issn><issn>1558-156X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kNFKwzAUhoMoOKdPsJuC150nbZIm3o2tusE2h0zwLmTJ6eicTU27C9_elsluzs-B7z8HPkJGFMaUgnparfPtOAEqxlQAUEjXqysyoJzLmHLxeU0GIBXEEhi7JXdNc-ggxtNkQOabsJjlz9Ek2gTfeuuP8aJyWGM3qjaaYTw71cfSmrb0VZRX-7LCqPAh2hj7hW30jtYHV1b7e3JTmGODD_85JB8v-XY6j5dvr4vpZBnbRGVtjAJEsTPCKSkQVb8q6YyRnDGBAm2BGWMgjeLOZRR2BbWFUDuTCg7OyXRIHs936-B_Tti0-uBPoepeaiqZEEJyyDoqPVM2-KYJWOg6lN8m_GoKuleme2W6V6YvyrrW6NwqEfHSyDLBEiXTPy49Z1M</recordid><startdate>201611</startdate><enddate>201611</enddate><creator>Shin, Seon-Ho</creator><creator>Lee, Jooyoung</creator><creator>Jeong, Ji-Man</creator><creator>Kim, HyunBong</creator><creator>Kim, Jong-Hyun</creator><creator>Kim, Ikkyun</creator><creator>Yoon, MyungKeun</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201611</creationdate><title>PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording</title><author>Shin, Seon-Ho ; Lee, Jooyoung ; Jeong, Ji-Man ; Kim, HyunBong ; Kim, Jong-Hyun ; Kim, Ikkyun ; Yoon, MyungKeun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c297t-e606fba6d986ee9e60698daa85446e6ecfe74408a95dd710bf1cf69ba3650dd83</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Central processing units</topic><topic>Computer forensics</topic><topic>Computer networks</topic><topic>CPUs</topic><topic>Engines</topic><topic>Fingerprint recognition</topic><topic>Forensics</topic><topic>Gateways</topic><topic>Indexing</topic><topic>Information storage</topic><topic>Internet</topic><topic>Logic gates</topic><topic>Network security</topic><topic>Parallel processing</topic><topic>Scalability</topic><topic>Storage management</topic><topic>Surveillance</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Shin, Seon-Ho</creatorcontrib><creatorcontrib>Lee, Jooyoung</creatorcontrib><creatorcontrib>Jeong, Ji-Man</creatorcontrib><creatorcontrib>Kim, HyunBong</creatorcontrib><creatorcontrib>Kim, Jong-Hyun</creatorcontrib><creatorcontrib>Kim, Ikkyun</creatorcontrib><creatorcontrib>Yoon, MyungKeun</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE network</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Shin, Seon-Ho</au><au>Lee, Jooyoung</au><au>Jeong, Ji-Man</au><au>Kim, HyunBong</au><au>Kim, Jong-Hyun</au><au>Kim, Ikkyun</au><au>Yoon, MyungKeun</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording</atitle><jtitle>IEEE network</jtitle><stitle>NET-M</stitle><date>2016-11</date><risdate>2016</risdate><volume>30</volume><issue>6</issue><spage>42</spage><epage>48</epage><pages>42-48</pages><issn>0890-8044</issn><eissn>1558-156X</eissn><coden>IENEET</coden><abstract>Packet recording or capturing is one of the most useful tools for network forensics and surveillance. Since a storage system is of a limited size, de-duplication can be used to save disk space. In this article, we present a new scalable de-duplication engine for packet recording that can eliminate redundant contents over multiple packets. Unlike previous work, our proposed scheme is designed for packet-level de-duplication to support any kinds of network from the current Internet to emerging networks. We also present a new fast chunking method and a new indexing scheme that enable multiple engine instances to execute in parallel. We implement the de-duplication engine, and experimental results show that our proposed scheme can remove up to 65 percent of the packet contents in a real campus network. We also confirm that its throughput scalably increases with the number of CPU cores, which means that the proposed scheme can be implemented in a wide range of computing devices from small home gateways to high-end servers.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/MNET.2016.1600103NM</doi><tpages>7</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0890-8044
ispartof IEEE network, 2016-11, Vol.30 (6), p.42-48
issn 0890-8044
1558-156X
language eng
recordid cdi_proquest_journals_1846668507
source IEEE Electronic Library (IEL)
subjects Central processing units
Computer forensics
Computer networks
CPUs
Engines
Fingerprint recognition
Forensics
Gateways
Indexing
Information storage
Internet
Logic gates
Network security
Parallel processing
Scalability
Storage management
Surveillance
title PrIDE: A Protocol-Independent De-Duplication Engine for Packet Recording
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T01%3A14%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=PrIDE:%20A%20Protocol-Independent%20De-Duplication%20Engine%20for%20Packet%20Recording&rft.jtitle=IEEE%20network&rft.au=Shin,%20Seon-Ho&rft.date=2016-11&rft.volume=30&rft.issue=6&rft.spage=42&rft.epage=48&rft.pages=42-48&rft.issn=0890-8044&rft.eissn=1558-156X&rft.coden=IENEET&rft_id=info:doi/10.1109/MNET.2016.1600103NM&rft_dat=%3Cproquest_RIE%3E4272128251%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1846668507&rft_id=info:pmid/&rft_ieee_id=7764298&rfr_iscdi=true