Design and evaluation of deep packet inspection system: a case study
- Author(s): M.-Y. Liao ; M.-Y. Luo ; C.-S. Yang ; C.-H. Chen ; P.-C. Wu ; Y.-W. Chen
- DOI: 10.1049/iet-net.2011.0048
- Author(s): M.-Y. Liao 1 ; M.-Y. Luo 2 ; C.-S. Yang 1 ; C.-H. Chen 3 ; P.-C. Wu 3 ; Y.-W. Chen 1
Affiliations:
1: Institute of Computer and Communication Engineering, Department of Electrical Engineering, National Cheng Kung University, Taiwan
2: Department of Computer Science and Information Engineering, National Kaohsiung University of Applied Sciences, Taiwan
3: Department of Computer Science and Engineering, National Sun Yat-sen University, Taiwan
- Source: Volume 1, Issue 1, March 2012, p. 2–9
DOI: 10.1049/iet-net.2011.0048 , Print ISSN 2047-4954, Online ISSN 2047-4962
The increasing number of Internet applications and services makes network management more troublesome because of bandwidth misuse and security concerns. As a result, network traffic identification plays an increasingly important role in network management. Deep packet inspection (DPI) is one of the effective approaches. Conventional network devices look up the header of a packet, whereas DPI requires the network device to match a pattern in the payload of a packet. This study proposes a DPI system and the WMT (Wu-Manber with trie) algorithm to classify popular network services. Net-DPIS is developed based on the Netfilter framework in the Linux kernel. The authors show how to rearrange the rule policies to increase the performance of Net-DPIS. In the results, the authors show that the WMT algorithm is faster than the WM algorithm and that Net-DPIS has higher average accuracy and performance than L7-filter.
Inspec keywords: telecommunication traffic; computer network security; computer network management; Internet
Subjects: Network management; Other computer networks; Data security; Computer communications