Hashing Incomplete and Unordered Network Streams

Chao Zheng; Xiang Li; Qingyun Liu; Yong Sun; Binxing Fang

doi:10.1007/978-3-319-99277-8_12

Conference Papers Year : 2018

Hashing Incomplete and Unordered Network Streams

(1) , (2) , (1) , (1) , (3)

1
2
3

Chao Zheng

Function : Author
PersonId : 1041891

Institute of Information Engineering [Beijing]

Xiang Li

Function : Author

Bank of China

Qingyun Liu

Function : Author
PersonId : 793840
ORCID : 0000-0003-1178-6232

Institute of Information Engineering [Beijing]

Yong Sun

Function : Author

Institute of Information Engineering [Beijing]

Binxing Fang

Function : Author

Chinese Academy of Engineering

Abstract

Deep packet inspection typically uses MD5 whitelists/blacklists or regular expressions to identify viruses, malware and certain internal files in network traffic. Fuzzy hashing, also referred to as context-triggered piecewise hashing, can be used to compare two files and determine their level of similarity. This chapter presents the stream fuzzy hash algorithm that can hash files on the fly regardless of whether the input is unordered, incomplete or has an initially-undetermined length. The algorithm, which can generate a signature of appropriate length using a one-way process, reduces the computational complexity from

$O\left( n \log n\right)$ to O(n). In a typical deep packet inspection scenario, the algorithm hashes files at the rate of 68 MB/s per CPU core and consumes no more than 5 KB of memory per file. The effectiveness of the stream fuzzy hash algorithm is evaluated using a publicly-available dataset. The results demonstrate that, unlike other fuzzy hash algorithms, the precision and recall of the stream fuzzy hash algorithm are not compromised when processing unordered and incomplete inputs.

Keywords

Domains

Computer Science [cs]

Fichier principal

472401_1_En_12_Chapter.pdf (714)

Origin	Files produced by the author(s)

Hal Ifip : Connect in order to contact the contributor

https://inria.hal.science/hal-01988840

Submitted on : Tuesday, January 22, 2019-9:44:36 AM

Last modification on : Tuesday, November 12, 2024-11:34:03 AM

Long-term archiving on : Tuesday, April 23, 2019-1:27:37 PM

Dates and versions

hal-01988840 , version 1 (22-01-2019)

Licence

Attribution

Identifiers

HAL Id : hal-01988840 , version 1
DOI : 10.1007/978-3-319-99277-8_12

Cite

Chao Zheng, Xiang Li, Qingyun Liu, Yong Sun, Binxing Fang. Hashing Incomplete and Unordered Network Streams. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.199-224, ⟨10.1007/978-3-319-99277-8_12⟩. ⟨hal-01988840⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

IFIP-LNCS IFIP IFIP-AICT IFIP-TC IFIP-WG IFIP-TC11 IFIP-DF IFIP-WG11-9 IFIP-AICT-532

88 View

264 Download

Hashing Incomplete and Unordered Network Streams

Abstract

Keywords

Domains

Dates and versions

Licence

Identifiers

Cite

Export

Collections

Altmetric

Share