Highly Space Efficient Blacklisting
Many recent mobile devices have CPU units comparable to desktop computers while the storage capacity they offer is significantly reduced, often by a factor of one hundred. This restriction is crucial for most current blacklisting solutions which have good performance but suffer from large memory consumption. In order to improve the situation, we propose a novel blacklisting solution operating on compressed lists. For compression, we adapt the tabular Quine-McCluskey algorithm based on the concept of reduced masks. This guarantees that the compressed blacklist is never larger than the original one. For l entries in the blacklist and k prime implicants with the highest degree n our optimized top-down reduction algorithm requires at most k + l + 2n memory instead of kl. Evaluations prove that the space efficient network address blacklisting on compressed data can save up to 74,43% memory space.
Unable to display preview. Download preview PDF.
- 1.Brayton, R.K.: Logic minimization algorithms for VLSI synthesis. Kluwer Academic (1984)Google Scholar
- 5.Herrero, A., Zurutuza, U., Corchado, E.: A neural-visualization ids for honeynet data. International Journal of Neural Systems 22(2) (2012)Google Scholar
- 6.Hlavička, J., Fišer, P.: Boom: A heuristic boolean minimizer. In: Proceedings of the 2001 IEEE/ACM International Conference on Computer-aided Design, pp. 439–442. IEEE (2001)Google Scholar
- 7.Jain, T.K., Kushwaha, D.S., Misra, A.K.: Optimization of the quine-mccluskey method for the minimization of the boolean expressions. In: Fourth International Conference on Autonomic and Autonomous Systems, ICAS 2008, pp. 165–168. IEEE (2008)Google Scholar
- 8.NiX Spam project. Dns-based blacklist of nix spam, http://www.dnsbl.manitu.net
- 9.Quine, W.V.: A way to simplify truth functions. American Mathematical Monthly, 627–631 (1955)Google Scholar
- 11.Thames, L., Abler, R., Keeling, D.: Bit vector algorithms enabling high-speed and memory-efficient firewall blacklisting. In: Proceedings of the 47th Annual Southeast Regional Conference, p. 22. ACM (2009)Google Scholar
- 12.The Internet Assigned Numbers Authority (IANA). Service name and transport protocol port number registry, http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
- 13.Theobald, M., Nowick, S.M., Wu, T.: Espresso-hf: A heuristic hazard-free minimizer for two-level logic. In: Proceedings of the 33rd Annual Design Automation Conference, pp. 71–76. ACM (1996)Google Scholar
- 14.Ullrich, J.: Dshield global worst offender list, https://feeds.dshield.org/block.txt
- 15.Zhang, J., Porras, P.A., Ullrich, J.: Highly predictive blacklisting. In: USENIX Security Symposium, pp. 107–122. ACM (2008)Google Scholar