ANTI: An Adaptive Network Traffic Indexing Algorithm for High-speed Networks

Network packets record communication behaviors and details, which is important for security audits, attack detection, and forensic analysis. For the effectiveness and timeliness of security analysis, it is necessary to fully store network packets and build an efficient packet index. However, the existing packet indexing algorithms based on the radix tree ignore the distribution characteristics of network traffic and use internal nodes with the same capacity for index construction, resulting in wasted disk space and poor retrieval performance. As a solution, we propose ANTI, an adaptive network traffic indexing algorithm similar to Adaptive Radix Tree, which can adaptively switch internal nodes with different capacity according to the density of network traffic and compress the common prefix and distinct suffix of traffic attributes to balance the index construction performance and space utilization. We also implement a packet-aware network traffic archiving and indexing system to achieve full packet archival, efficient indexing, and fast retrieval. Finally, we empirically evaluate ANTI in IPv4 (IPv6) traffic scenarios, and the results confirm the effectiveness of ANTI as well as the benefit of adopting ANTI for enhancing indexing and retrieval performance compared with other state-of-art algorithms.