Eagle: An Agile Approach to Automaton Updating in Cloud Security Services

Hao Peng, Zhe Liu, Jie Shen, Xue Li, Hanteng Chen, Jianxin Li, Lu Liu
{"title":"Eagle: An Agile Approach to Automaton Updating in Cloud Security Services","authors":"Hao Peng, Zhe Liu, Jie Shen, Xue Li, Hanteng Chen, Jianxin Li, Lu Liu","doi":"10.1109/SOSE.2016.17","DOIUrl":null,"url":null,"abstract":"Automaton-based pattern matching methods have been widely used in security services for traffic inspection and filtering. However, a large scale of patterns may be updated frequently in a multi-tenant cloud, which poses new challenges to avoid attacks while updating new patterns. This paper presents an agile approach named Eagle for \"on-the-fly\" updating automaton in cloud security services. The approach provides three algorithms on AC and SBOM, adding, deleting and updating operation, to update state and links of automaton in high-speed online cloud traffic. Theoretical analysis shows that Eagle lowers the computational complexity of updating patterns from O (n2) to O (n). The effectiveness of this agile approach is verified when applied to a real cloud gateway. It turns out that 68% - 89% of the time can be saved and the throughput of cloud traffic filtering proves no reduction during and after the pattern update.","PeriodicalId":153118,"journal":{"name":"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)","volume":"432 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SOSE.2016.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

Automaton-based pattern matching methods have been widely used in security services for traffic inspection and filtering. However, a large scale of patterns may be updated frequently in a multi-tenant cloud, which poses new challenges to avoid attacks while updating new patterns. This paper presents an agile approach named Eagle for "on-the-fly" updating automaton in cloud security services. The approach provides three algorithms on AC and SBOM, adding, deleting and updating operation, to update state and links of automaton in high-speed online cloud traffic. Theoretical analysis shows that Eagle lowers the computational complexity of updating patterns from O (n2) to O (n). The effectiveness of this agile approach is verified when applied to a real cloud gateway. It turns out that 68% - 89% of the time can be saved and the throughput of cloud traffic filtering proves no reduction during and after the pattern update.
Eagle:在云安全服务中实现自动更新的敏捷方法
基于自动机的模式匹配方法已广泛应用于安全服务中的流量检测和过滤。然而,在多租户云中,可能会频繁更新大量模式,这给在更新新模式的同时避免攻击带来了新的挑战。本文提出了一种名为Eagle的敏捷方法,用于云安全服务中的“即时”更新自动化。该方法提供了AC和SBOM、添加、删除和更新操作三种算法,用于更新高速在线云流量中自动机的状态和链路。理论分析表明Eagle将模式更新的计算复杂度从0 (n2)降低到O (n),并在实际云网关应用中验证了这种敏捷方法的有效性。结果表明,可以节省68% - 89%的时间,并且在模式更新期间和之后,云流量过滤的吞吐量没有减少。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信