Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A hybrid finite automaton for practical deep packet inspection
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
XFA: Faster Signature Matching with Extended Automata
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A scalable multithreaded L7-filter design for multi-core servers
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
IEEE Spectrum
Integration of the IMS/PCC framework into the mobile WiMAX network
IEEE Communications Magazine
Advanced network monitoring brings life to the awareness plane
IEEE Communications Magazine
Lawful Interception: The mechanics of lawful interception
Network Security
Multi-gigabit traffic identification on GPU
Proceedings of the first edition workshop on High performance and programmable networking
Hi-index | 0.00 |
Internet Service Providers (ISP) have been recently relying on Deep Packet Inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to the memory and processing power demands. DPI's accuracy mostly depends on string matching process and regular expression heuristics that go deep down on the packet payloads in a search for networked application signatures. As ISPs backbone links' speed and data volume soar, commodity hardware-based DPI systems start to face performance bottlenecks (e.g., packet losses), which interferes on traffic classification accuracy dramatically. In this paper we propose a lightweight DPI (LW-DPI) system that overcomes performance bottlenecks of traditional DPI systems, without a significant decrease on accuracy. We evaluate LW-DPI's accuracy by inspecting two factors: a limited number of full-payload packets in a given flow or a fraction of the packet payload. Our experiments were performed using more than 6TB of packet-level data from a large ISP and show that there is some interesting trade-offs between such factors and accuracy. Most flows can be classified with only their first 7 packets or a fraction of their payload. We also show that the impact on DPI's processing time may decrease around 75% as compared to analyzing all full-payload packets in a flow.