P4CTM: Compressed Traffic Pattern Matching Based on Programmable Data Plane.

Pattern matching is an important technology applied to many security applications. Most network service providers choose to compress network traffic for better transmission, which brings the challenges of compressed traffic matching. However, existing works focus on improving the performance of uncompressed traffic matching or only realize the compressed traffic matching on end-host that can not keep pace with the dramatic increase in traffic. In this paper, we present P4CTM, a proof-of-concept method to conduct efficient compressed traffic matching on the programmable data plane. P4CTM uses the two-stage scan scheme to skip some bytes of compressed traffic, the 2-stride DFA combines with the compression algorithm to condense the state space, and the wildcard match to downsize the match action tables in the programmable data plane. The experiment indicates that P4CTM skips 83.10% bytes of compressed traffic, condenses the state space by order of magnitude, and reduces most of the table entries.