A Fragment Hashing Approach for Scalable and Cloud-Aware Network File Detection
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO) ORCID iD: 0000-0003-3461-7079
2018 (English). In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5. Conference paper, Published paper (Refereed)
Abstract [en]

Monitoring networks for the presence of some particular set of files can, for example, be important in order to avoid exfiltration of sensitive data, or combat the spread of Child Sexual Abuse (CSA) material. This work presents a scalable system for large-scale file detection in high-speed networks. A multi-level approach using packet sampling with rolling and block hashing is introduced. We show that such an approach together with a well-tuned implementation can perform detection of a large number of files on the network at 10 Gbps using standard hardware. The use of packet sampling enables easy distribution of the monitoring processing functionality, and allows for flexible scaling in a cloud environment. Performance experiments on the most run-time critical hashing parts show a single-thread performance consistent with 10 Gbps line rate monitoring. The file detectability is examined for three data sets over a range of packet sampling rates. A conservative sampling rate of 0.1 is demonstrated to perform well for all tested data sets. It is also shown that knowledge of the file size distribution can be exploited to allow lower sampling rates to be configured for two of the data sets, which in turn results in lower resource usage.

Place, publisher, year, edition, pages
New York: IEEE, 2018. p. 1-5
Keywords [en]
Monitoring, Databases, Metadata, Hardware, Throughput, Forensics, System analysis and design
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-67375
DOI: 10.1109/NTMS.2018.8328746
ISI: 000448864200076
ISBN: 978-1-5386-3662-6 (electronic)
ISBN: 978-1-5386-3663-3 (print)
OAI: oai:DiVA.org:kau-67375
DiVA, id: diva2:1209861
Conference
2018 9th IFIP International Conference on New Technologies, Mobility & Security, 26-28 February 2018, Paris, France
Available from: 2018-05-24 Created: 2018-05-24 Last updated: 2019-06-17 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text: https://ieeexplore.ieee.org/document/8328746/

Authority records

Garcia, Johan
