Space-Time Tradeoffs in Software-Based Deep Packet Inspection
|
|
- Steven Poole
- 5 years ago
- Views:
Transcription
1 Space-Time Tradeoffs in Software-ased eep Packet Inspection nat remler-arr I Herzliya, Israel Yotam Harchol avid Hay Hebrew University, Israel. OWSP Israel 2011 (Was also presented in I HPSR 2011) Parts of this work were supported by uropean Research ouncil (R) Starting Grant no Supported by the heck Point Institute for Information Security
2 Outline Motivation ackground New ompression Techniques xperimental Results onclusions 2
3 Network Intrusion etection Systems lassify packets according to: Header fields: Source IP & port, destination IP & port, protocol, etc. Packet payload (data) IP Internet packet eep Packet Inspection Motivation ackground New ompression Techniques xperimental Results onclusions 3
4 The environment: eep Packet Inspection High apacity Slow Memory Locality-based Low apacity Fast Memory ()RM ache Memory Motivation ackground New ompression Techniques xperimental Results onclusions 4
5 Our ontributions Literature assumption: try to fit data structure in cache fforts to compress the data structures Our paper: Is it beneficial? In reality, even in non-compressed implementation, most memory accesses are done to the cache UT One can attack the non-compressed implementation by reducing its locality, getting it out of cache - and making it much slower! How to mitigate this attack? ompress even further - our new techniques: 60% less memory Motivation ackground New ompression Techniques xperimental Results onclusions 5
6 omplexity os ttack Find a gap between average case and worst case ngineer input that exploits this gap Launch a enial of Service attack on the system Internet Throughput Motivation ackground New ompression Techniques xperimental Results onclusions 6
7 Outline Motivation ackground New ompression Techniques xperimental Results onclusions 7
8 ho-orasick lgorithm [ho, orasick; 1975] uild a eterministic Finite utomaton Traverse the F, byte by byte ccepting state pattern found xample: {,,,,, } Input: s 0 s 1 s 2 s 7 s 3 s 4 s 5 s 8 s 13 s s 6 9 s 14 s 10 s 11 s 12 Motivation ackground New ompression Techniques xperimental Results onclusions 8
9 ho-orasick lgorithm [ho, orasick; 1975] Naïve implementation: Represent the transition function in a table of Σ S entries Σ: alphabet S: set of states Lookup time: one memory access per input symbol Space: In reality: 70M to gigabytes S S S S S S S S S : Motivation ackground New ompression Techniques xperimental Results onclusions 9
10 Potential omplexity os ttack 1. xhaustive Traversal dversarial Traffic Traverses as much states of the automaton s 0 ad locality - ad for naïve implementation (will not utilize cache) s 1 s 2 s 7 s 3 s 4 s 5 s 8 s 13 s 6 s 14 s 9 s 10 s 11 s 12 Motivation ackground New ompression Techniques xperimental Results onclusions 10
11 lternative Implementation [ho, orasick; 1975] Forward Transition Failure Transition Failure transition goes to the state that matches the longest suffix of the input so far Lookup time: at most two memory accesses per input symbol (via amortized analysis) Space: at most, # of symbols in pattern set, depends on implementation s 0 s 1 s 2 s 7 s 3 s 4 s 5 s 13 s 6 s 14 s 8 s 9 s 10 s 11 s 12 Motivation ackground New ompression Techniques xperimental Results onclusions 11
12 Potential omplexity os ttack 1. xhaustive Traversal dversarial Traffic - Traverses as much states of the automaton s 0 - ad locality - ad for naïve implementation (will not utilize cache) s 1 s 2 s 7 2. Failure-path Traversal dversarial Traffic - Traverses as much failure transitions - ad for failure-path based automaton (as much memory accesses per input symbol) s 3 s 4 s 5 s 14 s 13 s 6 s 8 s 9 s 10 s 11 s 12 Motivation ackground New ompression Techniques xperimental Results onclusions 12
13 Prior Work: ompress the State Representation symbol forward: 13 6 symbol forward: 13 6 failure: 7 match: False failure: 7 match: False size: 2 itmap: Length= Σ Lookup Table an count bits using popcnt instruction Linear ncoded s 0 s 1 s 2 s 7 forward: 13 6 s 3 s 4 s 5 s 8 failure: 7 match: False itmap ncoded s 13 s 6 Motivation ackground New ompression Techniques xperimental Results onclusions s s s 9 13
14 Outline Motivation ackground New ompression Techniques xperimental Results onclusions 14
15 Tuck et al. Our Path ompression 2004 Path ompression One-way branches can be represented using a single state s 0 Similarly to PTRII tries s 1 s 2 () s 7 Problem: Incoming failure transitions s 3 s 4 s 5 () s 8 Solution: ompress only states with no incoming failure transitions s 13 s 6 s 14 () s 9 ' s % () 75% s 11 s 12 Motivation ackground New ompression Techniques xperimental Results onclusions 15
16 Leaves ompression y definition, leaves have no forward transitions Their single purpose is to indicate a match We can push this indication up by adding a bit to each pointer Then, leaves can be eliminated from the automaton - by copying their failure transition up * s 0 * * s 1 s 2 * * * * s 3 s 4 s 5 * s 14 s 5 () () * * s 13 s 6 () () s 7 s 8 8 ' ' * * s 9 ' 3% more space reduction Reduces number of transitions taken Motivation ackground New ompression Techniques xperimental Results onclusions 16
17 Pointer ompression In Snort IS pattern-set, 79% of the fail pointers point to states in depths 0, 1, 2 dd two bits to encode depth of pointer: 00: epth 0 01: epth 1 10: epth 2 11: epth 3 and deeper 16 bits pointer epth 2 2 bits epth Pointers 0 (s 0 ) 13% 1 31% 2 35% 3 21% 16 bits pointer epth > 2 2 bits 16 bits pointer 11 Motivation ackground New ompression Techniques xperimental Results onclusions 17
18 Tuck et al. Our Path ompression Pointer omp Pointer ompression epth Pointers 0 (s 0 ) 13% 1 31% 2 35% 3 21% etermine next state from pointer depth: - 0: Go to root - 1: Use a lookup table using last symbol - 2: Use a hash table using last two symbols - 3: Use the stored pointer epth 1 Lookup Table: epth 2 Hash Table: Symbol State - s 2 s 7 - Last 2 symbols hash table Next state 100% 75% 41% s 1 Motivation ackground New ompression Techniques xperimental Results onclusions 18
19 Function Inlining ompressed implementation makes more memory accesses Initial implementation was based on a few functions calling each other voiding function calls (by inlining their code) reduced total number of memory reads by 36% Motivation ackground New ompression Techniques xperimental Results onclusions 19
20 Outline Motivation ackground New ompression Techniques xperimental Results onclusions 20
21 Test Systems xperimental Setup System 1 System 2 Type Macook Pro imac PU ore 2 uo 2.53GHz dual core ore i7 2.93GHz quad core L1 ache: 16K (data, per core) 16K (data, per core) L2 ache: 3M (shared) 256K (per core) L3 ache: - 8M (shared) Pattern-Sets Snort lamv* Patterns 31,094 16,710 States in Naïve Implementation 77, ,303 Real-life traffic logs taken from MIT RP * We used only half of lamv signatures for our tests Motivation ackground New ompression Techniques xperimental Results onclusions 21
22 Memory Footprint [M] Space Requirement Snort (Partial) lamv Naïve Implementation est Prior-rt Implementation Our Implementation Motivation ackground New ompression Techniques xperimental Results onclusions 22
23 Memory accesses per input symbol Memory ccesses per Input Symbol Real Life Traffic xhaustive Traversal dversarial Traffic Failure-Path Traversal dversarial Traffic 0 Naïve Implementation Our Implementation Motivation ackground New ompression Techniques xperimental Results onclusions xperimental Results 23
24 L1 ata ache Miss Rate L1 ata ache Miss Rate 35% 30% 25% 20% Intel ore 2 uo (2 cores) 16K L1 ata ache 3M L2 ache Real Life Traffic xhaustive Traversal dversarial Traffic Failure-Path Traversal dversarial Traffic 15% 10% 5% 0% Naïve Implementation Our Implementation Motivation ackground New ompression Techniques xperimental Results onclusions 24
25 L2 ache Miss Rate L2 ache Miss Rate 25% Real-Life Traffic: 0.7% 20% L2 ache Miss Rate 15% dversarial Traffic: L2 ache 23% Miss Rate Intel ore 2 uo (2 cores) 16K L1 ata ache 3M L2 ache Real Life Traffic xhaustive Traversal dversarial Traffic Failure-Path Traversal dversarial Traffic 10% Maximal L2 Miss Rate: 0.06% 5% 0% Naïve Implementation Our Implementation Motivation ackground New ompression Techniques xperimental Results onclusions 25
26 Throughput [Mps] xperimental Results Space vs. Time: Real-Life Traffic Throughput dversarial Traffic Throughput Naïve Implementation Our Implementation -86% Memory Footprint [M] (Logarithmic Scale) Motivation ackground New ompression Techniques xperimental Results onclusions 26
27 Outline Motivation ackground New ompression Techniques xperimental Results onclusions 27
28 onclusions It is crucial to model the cache in software-based eep Packet Inspection: Naïve ho-orasick implementation has a huge memory footprint, but works well on real-life traffic due to locality of reference Naïve implementation can be easily attacked, making it 7 times slower, even though it has constant number of memory accesses We also show new compression techniques: 60% less memory than best prior-art compression Stable throughput, better performance under attacks Motivation ackground New ompression Techniques xperimental Results onclusions 28
29 Questions? Thank you!
Deep Packet Inspection of Next Generation Network Devices
Deep Packet Inspection of Next Generation Network Devices Prof. Anat Bremler-Barr IDC Herzliya, Israel www.deepness-lab.org This work was supported by European Research Council (ERC) Starting Grant no.
More informationTriBiCa: Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection
Dept. of Electrical and Computer Eng. : Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection N. Sertac Artan and Jonathan H. Chao 8 May 27 26th Annual IEEE Conference on Computer Communications
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationAccelerating String Matching Using Multi-threaded Algorithm
Accelerating String Matching Using Multi-threaded Algorithm on GPU Cheng-Hung Lin*, Sheng-Yu Tsai**, Chen-Hsiung Liu**, Shih-Chieh Chang**, Jyuo-Min Shyu** *National Taiwan Normal University, Taiwan **National
More informationCS 268: Route Lookup and Packet Classification
Overview CS 268: Route Lookup and Packet Classification Packet Lookup Packet Classification Ion Stoica March 3, 24 istoica@cs.berkeley.edu 2 Lookup Problem Identify the output interface to forward an incoming
More informationSwitch and Router Design. Packet Processing Examples. Packet Processing Examples. Packet Processing Rate 12/14/2011
// Bottlenecks Memory, memory, 88 - Switch and Router Design Dr. David Hay Ross 8b dhay@cs.huji.ac.il Source: Nick Mckeown, Isaac Keslassy Packet Processing Examples Address Lookup (IP/Ethernet) Where
More informationGreedy algorithms 2 4/5/12. Knapsack problems: Greedy or not? Compression algorithms. Data compression. David Kauchak cs302 Spring 2012
Knapsack problems: Greedy or not? Greedy algorithms 2 avid Kauchak cs02 Spring 12 l 0-1 Knapsack thief robbing a store finds n items worth v 1, v 2,.., v n dollars and weight w 1, w 2,, w n pounds, where
More informationRouters & Routing : Computer Networking. Binary Search on Ranges. Speeding up Prefix Match - Alternatives
Routers & Routing -44: omputer Networking High-speed router architecture Intro to routing protocols ssigned reading [McK9] Fast Switched ackplane for a Gigabit Switched Router Know RIP/OSPF L-4 Intra-omain
More informationForwarding and Routers : Computer Networking. Original IP Route Lookup. Outline
Forwarding and Routers 15-744: Computer Networking L-9 Router Algorithms IP lookup Longest prefix matching Classification Flow monitoring Readings [EVF3] Bitmap Algorithms for Active Flows on High Speed
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationThird Generation Routers
IP orwarding 5-5- omputer Networking 5- Lecture : Routing Peter Steenkiste all www.cs.cmu.edu/~prs/5-- The Story So ar IP addresses are structured to reflect Internet structure IP packet headers carry
More informationThe Basics of Wireless Communication Octav Chipara
The asics of Wireless ommunication Octav hipara genda hannel model: the protocol model High-level media access TM, SM hidden/exposed terminal problems WLN Fundamentals of routing proactive on-demand 2
More informationRule-Based Forwarding
Building Extensible Networks with Rule-Based Forwarding Lucian Popa Norbert Egi Sylvia Ratnasamy Ion Stoica UC Berkeley/ICSI Lancaster Univ. Intel Labs Berkeley UC Berkeley Making Internet forwarding flexible
More informationDoS Attacks. Network Traceback. The Ultimate Goal. The Ultimate Goal. Overview of Traceback Ideas. Easy to launch. Hard to trace.
DoS Attacks Network Traceback Eric Stone Easy to launch Hard to trace Zombie machines Fake header info The Ultimate Goal Stopping attacks at the source To stop an attack at its source, you need to know
More informationChunkStash: Speeding Up Storage Deduplication using Flash Memory
ChunkStash: Speeding Up Storage Deduplication using Flash Memory Biplob Debnath +, Sudipta Sengupta *, Jin Li * * Microsoft Research, Redmond (USA) + Univ. of Minnesota, Twin Cities (USA) Deduplication
More informationFast Deep Packet Inspection with a Dual Finite Automata
1 Fast Deep Packet Inspection with a Dual Finite Automata Cong Liu Jie Wu Sun Yat-sen University Temple University gzcong@gmail.com jiewu@temple.edu Abstract Deep packet inspection, in which packet payloads
More informationCSCI 104 Tries. Mark Redekopp David Kempe
1 CSCI 104 Tries Mark Redekopp David Kempe TRIES 2 3 Review of Set/Map Again Recall the operations a set or map performs Insert(key) Remove(key) find(key) : bool/iterator/pointer Get(key) : value [Map
More informationHash-Based String Matching Algorithm For Network Intrusion Prevention systems (NIPS)
Hash-Based String Matching Algorithm For Network Intrusion Prevention systems (NIPS) VINOD. O & B. M. SAGAR ISE Department, R.V.College of Engineering, Bangalore-560059, INDIA Email Id :vinod.goutham@gmail.com,sagar.bm@gmail.com
More informationTrees and DAGS. 4. Trees and DAGs. Cycles. Cycles
Trees and DGS 4. Trees and DGs Jonathan Schaeffer jonathan@cs.ualberta.ca www.cs.ualberta.ca/~jonathan Many search trees are really search directed acyclic graphs (DGs) Detect cycles and eliminate them
More informationPredecessor Data Structures. Philip Bille
Predecessor Data Structures Philip Bille Outline Predecessor problem First tradeoffs Simple tries x-fast tries y-fast tries Predecessor Problem Predecessor Problem The predecessor problem: Maintain a set
More informationGrowth of the Internet Network capacity: A scarce resource Good Service
IP Route Lookups 1 Introduction Growth of the Internet Network capacity: A scarce resource Good Service Large-bandwidth links -> Readily handled (Fiber optic links) High router data throughput -> Readily
More informationAuthors: Mark Handley, Vern Paxson, Christian Kreibich
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics Authors: Mark Handley, Vern Paxson, Christian Kreibich Exploitable Ambiguities NIDS does not have full range
More informationMidterm Review. Congestion Mgt, CIDR addresses,tcp processing, TCP close. Routing. hierarchical networks. Routing with OSPF, IS-IS, BGP-4
Midterm Review Week 1 Congestion Mgt, CIDR addresses,tcp processing, TCP close Week 2 Routing. hierarchical networks Week 3 Routing with OSPF, IS-IS, BGP-4 Week 4 IBGP, Prefix lookup, Tries, Non-stop routers,
More informationProgram Calling Context. Motivation
Program alling ontext Motivation alling context enhances program understanding and dynamic analyses by providing a rich representation of program location ollecting calling context can be expensive The
More informationCS350: Data Structures B-Trees
B-Trees James Moscola Department of Engineering & Computer Science York College of Pennsylvania James Moscola Introduction All of the data structures that we ve looked at thus far have been memory-based
More informationRuler: High-Speed Packet Matching and Rewriting on Network Processors
Ruler: High-Speed Packet Matching and Rewriting on Network Processors Tomáš Hrubý Kees van Reeuwijk Herbert Bos Vrije Universiteit, Amsterdam World45 Ltd. ANCS 2007 Tomáš Hrubý (VU Amsterdam, World45)
More informationHashing Round-down Prefixes for Rapid Packet Classification
Hashing Round-down Prefixes for Rapid Packet Classification Fong Pong and Nian-Feng Tzeng* *Center for Advanced Computer Studies University of Louisiana, Lafayette, USA 1 Outline Packet Classification
More informationEfficient Signature Matching with Multiple Alphabet Compression Tables
Efficient Signature Matching with Multiple Alphabet Compression Tables Shijin Kong Randy Smith Cristian Estan Presented at SecureComm, Istanbul, Turkey Signature Matching Signature Matching a core component
More informationCSE/EE 461 Lecture 7 Bridging LANs. Last Two Times. This Time -- Switching (a.k.a. Bridging)
S/ 461 Lecture 7 ridging LNs Last Two Times Medium ccess ontrol (M) protocols Part of the Link Layer t the heart of Local rea Networks (LNs) ow do multiple parties share a wire or the air? Random access
More informationSupra-linear Packet Processing Performance with Intel Multi-core Processors
White Paper Dual-Core Intel Xeon Processor LV 2.0 GHz Communications and Networking Applications Supra-linear Packet Processing Performance with Intel Multi-core Processors 1 Executive Summary Advances
More informationHash Table Design and Optimization for Software Virtual Switches
Hash Table Design and Optimization for Software Virtual Switches P R E S E N T E R : R E N WA N G Y I P E N G WA N G, S A M E H G O B R I E L, R E N WA N G, C H A R L I E TA I, C R I S T I A N D U M I
More informationNetwork Architecture Laboratory
Automated Synthesis of Adversarial Workloads for Network Functions Luis Pedrosa, Rishabh Iyer, Arseniy Zaostrovnykh, Jonas Fietz, Katerina Argyraki Network Architecture Laboratory Software NFs The good:
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationLecture 6: Bridges and Switches. CS/ECE 438: Communication Networks Prof. Matthew Caesar February 19, 2010
Lecture 6: ridges and Switches CS/C 48: Communication Networks Prof. Matthew Caesar February 9, How can many hosts communicate? Naïve approach: full mesh Problem: doesn t scale How can many hosts communicate?
More informationTOC: Switching & Forwarding
Walrand Lecture TO: Switching & Forwarding Lecture Switching & Forwarding EES University of alifornia Berkeley Why? Switching Techniques Switch haracteristics Switch Examples Switch rchitectures Summary
More informationHardware Acceleration in Computer Networks. Jan Kořenek Conference IT4Innovations, Ostrava
Hardware Acceleration in Computer Networks Outline Motivation for hardware acceleration Longest prefix matching using FPGA Hardware acceleration of time critical operations Framework and applications Contracted
More informationTCOM 501: Networking Theory & Fundamentals. Lecture 11 April 16, 2003 Prof. Yannis A. Korilis
TOM 50: Networking Theory & undamentals Lecture pril 6, 2003 Prof. Yannis. Korilis 2 Topics Routing in ata Network Graph Representation of a Network Undirected Graphs Spanning Trees and Minimum Weight
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationCS 350 : Data Structures B-Trees
CS 350 : Data Structures B-Trees David Babcock (courtesy of James Moscola) Department of Physical Sciences York College of Pennsylvania James Moscola Introduction All of the data structures that we ve
More informationTable of Contents...2 Abstract...3 Protocol Flow Analyzer...3
TABLE OF CONTENTS Table of Contents...2 Abstract...3 Protocol Flow Analyzer...3 What is a Protocol Flow?...3 Protocol Flow Analysis...3 Benefits of Protocol Flow Analysis...4 HTTP Flow Analyzer Overview...4
More informationMapping a Dynamic Prefix Tree on a P2P Network
Mapping a Dynamic Prefix Tree on a P2P Network Eddy Caron, Frédéric Desprez, Cédric Tedeschi GRAAL WG - October 26, 2006 Outline 1 Introduction 2 Related Work 3 DLPT architecture 4 Mapping 5 Conclusion
More informationIP Forwarding Computer Networking. Routes from Node A. Graph Model. Lecture 10: Intra-Domain Routing
IP orwarding - omputer Networking Lecture : Intra-omain Routing RIP (Routing Information Protocol) & OSP (Open Shortest Path irst) The Story So ar IP addresses are structure to reflect Internet structure
More informationPrevious Lecture. Link Layer & Network Layer. Link Layer. This Lecture. Framing. Sending bits. Chapter 7.C and 7.D
hapter 7. and 7. Previous Lecture Layer & Network Layer The network is organized into layers Prof. ina Katabi Some slides are from lectures by Nick Mckeown, Ion Stoica, Frans Kaashoek, Hari alakrishnan,
More informationDeep Packet Inspection as a Service
Deep Packet Inspection as a Service Anat Bremler-Barr School of Computer Science The Interdisciplinary Center Herzliya, Israel bremler@idc.ac.il Yotam Harchol School of Computer Science and Engineering
More informationNOWADAYS, pattern matching is required in an increasing
IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 19, NO. 3, JUNE 2011 683 Differential Encoding of DFAs for Fast Regular Expression Matching Domenico Ficara, Member, IEEE, Andrea Di Pietro, Student Member, IEEE,
More informationA DEDUPLICATION-INSPIRED FAST DELTA COMPRESSION APPROACH W EN XIA, HONG JIANG, DA N FENG, LEI T I A N, M I N FU, YUKUN Z HOU
A DEDUPLICATION-INSPIRED FAST DELTA COMPRESSION APPROACH W EN XIA, HONG JIANG, DA N FENG, LEI T I A N, M I N FU, YUKUN Z HOU PRESENTED BY ROMAN SHOR Overview Technics of data reduction in storage systems:
More informationCISC 662 Graduate Computer Architecture. Classifying ISA. Lecture 3 - ISA Michela Taufer. In a CPU. From Source to Assembly Code
IS 662 Graduate omputer rchitecture Lecture 3 - IS Michela Taufer lassifying IS Powerpoint Lecture Notes from John Hennessy and David Patterson s: omputer rchitecture, 4th edition ---- dditional teaching
More informationProgrammable Hardware for Deep Packet Filtering on a Large Signature Set
Programmable Hardware for eep Packet Filtering on a Large Signature Set Young H. ho and William H. Mangione-Smith epartment of lectrical ngineering The University of alifornia, Los ngeles, 90095 {young,
More informationCMTreeMiner: Mining Both Closed and Maximal Frequent Subtrees
MTreeMiner: Mining oth losed and Maximal Frequent Subtrees Yun hi, Yirong Yang, Yi Xia, and Richard R. Muntz University of alifornia, Los ngeles, 90095, US {ychi,yyr,xiayi,muntz}@cs.ucla.edu bstract. Tree
More informationHomework 1 Solutions:
Homework 1 Solutions: If we expand the square in the statistic, we get three terms that have to be summed for each i: (ExpectedFrequency[i]), (2ObservedFrequency[i]) and (ObservedFrequency[i])2 / Expected
More informationColumn-Stores vs. Row-Stores. How Different are they Really? Arul Bharathi
Column-Stores vs. Row-Stores How Different are they Really? Arul Bharathi Authors Daniel J.Abadi Samuel R. Madden Nabil Hachem 2 Contents Introduction Row Oriented Execution Column Oriented Execution Column-Store
More informationGLA University, Mathura
Q1: onsider the statement: Not all that glitters is gold GL University, Mathura GLET - M.Tech. (SE) Model Paper Predicate glitters (x) is true if x glitters and predicate gold (x) is true if x is gold.
More informationLecture 11: IPv6. CSE 123: Computer Networks Alex C. Snoeren. HW 2 due NOW
Lecture 11: IPv6 CSE 123: Computer Networks Alex C. Snoeren HW 2 due NOW Longest Matching Prefix Forwarding table contains many prefix/length tuples They need not be disjoint! E.g. 200.23.16.0/20 and 200.23.18.0/23
More informationStateful Detection in High Throughput Distributed Systems
Stateful Detection in High Throughput Distributed Systems Gunjan Khanna, Ignacio Laguna, Fahad A. Arshad, Saurabh Bagchi Dependable Computing Systems Lab School of Electrical and Computer Engineering Purdue
More informationAccelerating String Matching Algorithms on Multicore Processors Cheng-Hung Lin
Accelerating String Matching Algorithms on Multicore Processors Cheng-Hung Lin Department of Electrical Engineering, National Taiwan Normal University, Taipei, Taiwan Abstract String matching is the most
More informationFirewall Performance Evaluation Secure Computing Sidewinder vs. Check Point NGX
Firewall Performance Evaluation vs. Check Point NGX June 1, 27 Author: Bill Bosen Firewall Performance Evaluation 7 vs. R62 June 1, 27 In view of the fact that firewall performance is becoming more and
More informationHardware Assisted Recursive Packet Classification Module for IPv6 etworks ABSTRACT
Hardware Assisted Recursive Packet Classification Module for IPv6 etworks Shivvasangari Subramani [shivva1@umbc.edu] Department of Computer Science and Electrical Engineering University of Maryland Baltimore
More informationConcepts for Robust NoC Communication
oncepts for Robust o ommunication Martin Radetzki Department of mbedded ystems ngineering Institute of omputer Architecture and omputer ngineering Universität tuttgart www.iti.uni-stuttgart.de/ese.phtml
More informationComputer Architecture Spring 2016
omputer Architecture Spring 2016 Lecture 09: Prefetching Shuai Wang Department of omputer Science and Technology Nanjing University Prefetching(1/3) Fetch block ahead of demand Target compulsory, capacity,
More informationOptimizing Xcast Treemap Performance with NFV and SDN
Optimizing Xcast Treemap Performance with NFV and N T. Khoa Phan Joined work with avid Griffin and Miguel Rio University ollege London Next Generation Networking workshop, July 2016 Facebook Livestream
More informationImplementation of Lexical Analysis
Written ssignments W assigned today Implementation of Lexical nalysis Lecture 4 Due in one week :59pm Electronic hand-in Prof. iken CS 43 Lecture 4 Prof. iken CS 43 Lecture 4 2 Tips on uilding Large Systems
More informationAFilter: Adaptable XML Filtering with Prefix-Caching and Suffix-Clustering
AFilter: Adaptable XML Filtering with Prefix-Caching and Suffix-Clustering K. Selçuk Candan Wang-Pin Hsiung Songting Chen Junichi Tatemura Divyakant Agrawal Motivation: Efficient Message Filtering Is this
More information0!1. Overlaying mechanism is called tunneling. Overlay Network Nodes. ATM links can be the physical layer for IP
epartment of lectrical ngineering and omputer Sciences University of alifornia erkeley '!$$( network defined over another set of networks The overlay addresses its own nodes Links on one layer are network
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationIndexing and Searching
Indexing and Searching Introduction How to retrieval information? A simple alternative is to search the whole text sequentially Another option is to build data structures over the text (called indices)
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More information4/11/2012. Outline. Routing Protocols for Ad Hoc Networks. Classification of Unicast Ad-Hoc Routing Protocols. Ad Hoc Networks.
18759 Wireless Networks (2012-pring) urvey Routing Protocols for d Hoc Networks Jiun-RenLin and Yi-hun hou lectrical and omputer ngineering arnegie Mellon University Outline d-hoc networks Unicast d-hoc
More informationPERG-Rx: An FPGA-based Pattern-Matching Engine with Limited Regular Expression Support for Large Pattern Database. Johnny Ho
PERG-Rx: An FPGA-based Pattern-Matching Engine with Limited Regular Expression Support for Large Pattern Database Johnny Ho Supervisor: Guy Lemieux Date: September 11, 2009 University of British Columbia
More informationLecture 12: Aggregation. CSE 123: Computer Networks Alex C. Snoeren
Lecture 12: Aggregation CSE 123: Computer Networks Alex C. Snoeren Lecture 12 Overview Subnetting Classless addressing Route aggregation 2 Class-based Addressing Most significant bits determines class
More informationARAKIS An Early Warning and Attack Identification System
ARAKIS An Early Warning and Attack Identification System Piotr Kijewski Piotr.Kijewski@cert.pl 16th Annual FIRST Conference June 13-18, Budapest, Hungary Presentation outline Trends in large scale malicious
More informationHierarchical NFA-Based Pattern Matching for Deep Packet Inspection
Hierarchical NF-ased Pattern Matching for eep Packet Inspection Yan Sun, Victor. Valgenti, and Min Sik Kim School of Electrical and omputer Engineering Washington State University Pullman, Washington,
More informationString Matching. Pedro Ribeiro 2016/2017 DCC/FCUP. Pedro Ribeiro (DCC/FCUP) String Matching 2016/ / 42
String Matching Pedro Ribeiro DCC/FCUP 2016/2017 Pedro Ribeiro (DCC/FCUP) String Matching 2016/2017 1 / 42 On this lecture The String Matching Problem Naive Algorithm Deterministic Finite Automata Knuth-Morris-Pratt
More informationSpeeding Up Ray Tracing. Optimisations. Ray Tracing Acceleration
Speeding Up Ray Tracing nthony Steed 1999, eline Loscos 2005, Jan Kautz 2007-2009 Optimisations Limit the number of rays Make the ray test faster for shadow rays the main drain on resources if there are
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationStochastic Pre-Classification for SDN Data Plane Matching
Stochastic Pre-Classification for SDN Data Plane Matching Luke McHale, C. Jasson Casey, Paul V. Gratz, Alex Sprintson Presenter: Luke McHale Ph.D. Student, Texas A&M University Contact: luke.mchale@tamu.edu
More informationColumn Stores vs. Row Stores How Different Are They Really?
Column Stores vs. Row Stores How Different Are They Really? Daniel J. Abadi (Yale) Samuel R. Madden (MIT) Nabil Hachem (AvantGarde) Presented By : Kanika Nagpal OUTLINE Introduction Motivation Background
More informationApplication-Specific Design of Low Power Instruction Cache Hierarchy for Embedded Processors
Agenda Application-Specific Design of Low Power Instruction ache ierarchy for mbedded Processors Ji Gu Onodera Laboratory Department of ommunications & omputer ngineering Graduate School of Informatics
More informationNow Arriving at Layer 3. Packet Forwarding. Router Design. Network Layers and Routers. Switching and Forwarding. Forwarding
Now rriving at Layer Packet orwarding although layer switches and layer routers are similar in many ways and TM/Virtual are used at layer these days 9/7/6 S/ 48 - UIU, all 6 9/7/6 S/ 48 - UIU, all 6 Layers
More informationCourse Review for Finals. Cpt S 223 Fall 2008
Course Review for Finals Cpt S 223 Fall 2008 1 Course Overview Introduction to advanced data structures Algorithmic asymptotic analysis Programming data structures Program design based on performance i.e.,
More informationCS S-06 Binary Search Trees 1
CS245-2008S-06 inary Search Trees 1 06-0: Ordered List T Operations: Insert an element in the list Check if an element is in the list Remove an element from the list Print out the contents of the list,
More informationMemory Management. (SGG, Chapter 08) Objectives. Memory Hierarchy. Outline. Instructor: Dr. Tongping Liu. To describe various memory hardware"
Objectives Memory Management (SGG, hapter 08) To describe various memory hardware To discuss various memory-management techniques, including partitions and swapping Instructor: Dr. Tongping Liu Department
More informationNAT, IPv6, & UDP CS640, Announcements Assignment #3 released
NAT, IPv6, & UDP CS640, 2015-03-03 Announcements Assignment #3 released Overview Network Address Translation (NAT) IPv6 Transport layer User Datagram Protocol (UDP) Network Address Translation (NAT) Hacky
More informationScrutinizer Flow Analytics
Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred
More informationCSc 453 Lexical Analysis (Scanning)
CSc 453 Lexical Analysis (Scanning) Saumya Debray The University of Arizona Tucson Overview source program lexical analyzer (scanner) tokens syntax analyzer (parser) symbol table manager Main task: to
More information-Device. -Physical or virtual thing that does something -Software + hardware to operate a device (Controller runs port, Bus, device)
Devices -Host -CPU -Device -Controller device) +memory +OS -Physical or virtual thing that does something -Software + hardware to operate a device (Controller runs port, Bus, Communication -Registers -Control
More informationText Analytics. Index-Structures for Information Retrieval. Ulf Leser
Text Analytics Index-Structures for Information Retrieval Ulf Leser Content of this Lecture Inverted files Storage structures Phrase and proximity search Building and updating the index Using a RDBMS Ulf
More informationBUNDLED SUFFIX TREES
Motivation BUNDLED SUFFIX TREES Luca Bortolussi 1 Francesco Fabris 2 Alberto Policriti 1 1 Department of Mathematics and Computer Science University of Udine 2 Department of Mathematics and Computer Science
More informationCCNA 1 Chapter 5 v5.0 Exam Answers 2013
CCNA 1 Chapter 5 v5.0 Exam Answers 2013 1 2 A host is trying to send a packet to a device on a remote LAN segment, but there are currently no mappings in its ARP cache. How will the device obtain a destination
More informationData Structure Chapter 6
ata Structure hapter Non-inary Trees r. Patrick han School of omputer Science and ngineering South hina University of Technology Outline Non-inary (eneral) Tree (h.) Parent Pointer mplementation (h.) ist
More informationSecurity: Worms. Presenter: AJ Fink Nov. 4, 2004
Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like
More informationmywbut.com Uninformed Search
Uninformed Search 1 2.4 Search Searching through a state space involves the following: set of states Operators and their costs Start state test to check for goal state We will now outline the basic search
More informationApplications of Succinct Dynamic Compact Tries to Some String Problems
Applications of Succinct Dynamic Compact Tries to Some String Problems Takuya Takagi 1, Takashi Uemura 2, Shunsuke Inenaga 3, Kunihiko Sadakane 4, and Hiroki Arimura 1 1 IST & School of Engineering, Hokkaido
More informationBridges. Bridge Functions. Example of No-frills Bridge. No-frills Bridges. Example of Learning Bridge. Learning Bridges
ridge Functions To extend size of LNs either geographically or in terms number of users. Protocols that include collisions can be performed in a collision domain of limited size. In ring networks the number
More informationAn Efficient Algorithm for Identifying the Most Contributory Substring. Ben Stephenson Department of Computer Science University of Western Ontario
An Efficient Algorithm for Identifying the Most Contributory Substring Ben Stephenson Department of Computer Science University of Western Ontario Problem Definition Related Problems Applications Algorithm
More informationTwo Level State Machine Architecture for Content Inspection Engines
Two Level State Machine Architecture for Content Inspection Engines Mohammadreza Yazdani Wojciech Fraczak Feliks Welfeld Ioannis Lambadaris Department of Systems and Computer Engineering Carleton University,
More informationECE 158A: Lecture 5. Fall 2015
8: Lecture Fall 0 Routing ()! Location-ased ddressing Recall from Lecture that routers maintain routing tables to forward packets based on their IP addresses To allow scalability, IP addresses are assigned
More informationScalable Lookup Algorithms for IPv6
Scalable Lookup Algorithms for IPv6 Aleksandra Smiljanić a*, Zoran Čiča a a School of Electrical Engineering, Belgrade University, Bul. Kralja Aleksandra 73, 11120 Belgrade, Serbia ABSTRACT IPv4 addresses
More informationComputer Science 146. Computer Architecture
Computer Architecture Spring 2004 Harvard University Instructor: Prof. dbrooks@eecs.harvard.edu Lecture 18: Virtual Memory Lecture Outline Review of Main Memory Virtual Memory Simple Interleaving Cycle
More informationApplication Protocol Breakdown
Snort 2.0: Protocol Flow Analyzer Authors: Daniel Roelker Sourcefire Inc. Marc Norton Sourcefire Inc. Abstract The Snort 2.0 Protocol Flow Analyzer
More information"GET /cgi-bin/purchase?itemid=109agfe111;ypcat%20passwd mail 200
128.111.41.15 "GET /cgi-bin/purchase? itemid=1a6f62e612&cc=mastercard" 200 128.111.43.24 "GET /cgi-bin/purchase?itemid=61d2b836c0&cc=visa" 200 128.111.48.69 "GET /cgi-bin/purchase? itemid=a625f27110&cc=mastercard"
More information