A double-compression method for searchable network packets in network forensics and analysis

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2024-08-24 DOI:10.1016/j.compeleceng.2024.109535

Zhenyu Li , Yong Ding , Chen Yi

{"title":"A double-compression method for searchable network packets in network forensics and analysis","authors":"Zhenyu Li , Yong Ding , Chen Yi","doi":"10.1016/j.compeleceng.2024.109535","DOIUrl":null,"url":null,"abstract":"<div><p>Efficiently storing, searching, and extracting structured data such as network packets can significantly enhance cybersecurity analysis and artificial intelligence model training. This paper presents an efficient searchable double-compression method, PKTDC, which involves two processes: double compression and searchable decompression of specific packets. In double compression, PKTDC dynamically constructs an index to compress the searched data and then performs a second round of compression on this data and other payloads via a conventional algorithm. In searchable decompression, PKTDC reconstructs searchable packet information from the compressed data, partially decompresses the matched payloads, and stitches them together to restore the original packets. The experimental results show that PKTDC achieves up to 7.55% greater compression efficiency than LZMA2, reduces the search and decompression time by up to 21.6 times, reduces CPU usage by up to 5.51 times, and reduces memory usage by up to 2.9 times.</p></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"119 ","pages":"Article 109535"},"PeriodicalIF":4.9000,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790624004622","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Efficiently storing, searching, and extracting structured data such as network packets can significantly enhance cybersecurity analysis and artificial intelligence model training. This paper presents an efficient searchable double-compression method, PKTDC, which involves two processes: double compression and searchable decompression of specific packets. In double compression, PKTDC dynamically constructs an index to compress the searched data and then performs a second round of compression on this data and other payloads via a conventional algorithm. In searchable decompression, PKTDC reconstructs searchable packet information from the compressed data, partially decompresses the matched payloads, and stitches them together to restore the original packets. The experimental results show that PKTDC achieves up to 7.55% greater compression efficiency than LZMA2, reduces the search and decompression time by up to 21.6 times, reduces CPU usage by up to 5.51 times, and reduces memory usage by up to 2.9 times.

Abstract Image

查看原文本刊更多论文

网络取证和分析中可搜索网络数据包的双重压缩方法

有效地存储、搜索和提取网络数据包等结构化数据，可以大大提高网络安全分析和人工智能模型训练的效率。本文提出了一种高效的可搜索双重压缩方法--PKTDC，它包括两个过程：双重压缩和特定数据包的可搜索解压缩。在双重压缩中，PKTDC 动态构建一个索引来压缩搜索到的数据，然后通过传统算法对这些数据和其他有效载荷执行第二轮压缩。在可搜索解压缩中，PKTDC 从压缩数据中重建可搜索的数据包信息，对匹配的有效载荷进行部分解压缩，并将它们缝合在一起，以还原原始数据包。实验结果表明，PKTDC 的压缩效率比 LZMA2 提高了 7.55%，搜索和解压缩时间缩短了 21.6 倍，CPU 占用率降低了 5.51 倍，内存占用率降低了 2.9 倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.