Design and evaluation of deep packet inspection system: a case study

An increasing number of Internet applications and services makes network management more troublesome because of bandwidth misuse and security concerns. As a result, network traffic identification plays an increasingly important role in network management. Deep packet inspection (DPI) is one of the effective approaches. Conventional network devices look up the header of a packet, whereas DPI requires the network device to match a pattern in the payload of a packet. This study proposes a DPI system, Net-DPIS, and the WMT (Wu-Manber with trie) algorithm to classify popular network services; Net-DPIS is developed on the Netfilter framework in the Linux kernel. The authors show how to rearrange the rule policies to increase the performance of Net-DPIS. In the results, the authors show that the WMT algorithm is faster than the WM algorithm, and that Net-DPIS has higher average accuracy and performance than L7-filter.
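To illustrate the payload matching that the abstract contrasts with header lookup, the following added example (not code from the paper or from Net-DPIS) implements the baseline Wu-Manber multi-pattern search; it does not reproduce the WMT trie variant, whose details are not on this page. The signatures and payloads are constructed for illustration.

```python
# Classic Wu-Manber multi-pattern search over packet payloads (block size B = 2).
B = 2

# Constructed, illustrative payload signatures; not taken from the paper.
SIGNATURES = {
    "http": b"HTTP/1.",
    "ssh": b"SSH-2.0",
    "bittorrent": b"BitTorrent protocol",
}

class WuManber:
    def __init__(self, signatures):
        self.m = min(len(p) for p in signatures.values())  # shortest pattern
        if self.m < B:
            raise ValueError("every pattern must be at least B bytes long")
        self.default = self.m - B + 1   # shift for a block found in no pattern
        self.shift = {}                 # block -> safe distance to skip
        self.bucket = {}                # last block of the m-prefix -> candidates
        for name, pat in signatures.items():
            for end in range(B, self.m + 1):
                block = pat[end - B:end]
                dist = self.m - end
                self.shift[block] = min(self.shift.get(block, self.default), dist)
            self.bucket.setdefault(pat[self.m - B:self.m], []).append((name, pat))

    def search(self, payload):
        """Return [(offset, service)] for every signature found in payload."""
        hits = []
        pos = self.m                    # exclusive end of the current window
        while pos <= len(payload):
            block = payload[pos - B:pos]
            dist = self.shift.get(block, self.default)
            if dist:                    # block cannot end a match here: skip
                pos += dist
                continue
            start = pos - self.m        # shift 0: verify candidates in full
            for name, pat in self.bucket.get(block, ()):
                if payload.startswith(pat, start):
                    hits.append((start, name))
            pos += 1
        return hits

MATCHER = WuManber(SIGNATURES)

def classify(payload):
    """Names of all services whose signature occurs in the payload, sorted."""
    return sorted({name for _, name in MATCHER.search(payload)})

# Constructed sample payloads.
HTTP_REPLY = b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\n"
BT_HANDSHAKE = b"\x13BitTorrent protocol" + b"\x00" * 8
```

The shift table is what lets the scan skip most payload bytes; full comparison happens only when the last two bytes of the window end some signature's prefix.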

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-net.2011.0048