Software Based Implementation Methodologies for Deep Packet Inspection

2011 International Conference on Information Science and Applications Pub Date : 2011-04-26 DOI:10.1109/ICISA.2011.5772430

Ajay Chaudhary, A. Sardana

{"title":"Software Based Implementation Methodologies for Deep Packet Inspection","authors":"Ajay Chaudhary, A. Sardana","doi":"10.1109/ICISA.2011.5772430","DOIUrl":null,"url":null,"abstract":"Deep Packet Inspection plays an important role for providing secure and congestion free network. It determines whether incoming traffic matches a database of signatures up to payload level, where each signature represents an attack, vulnerability, Virus, worm and even type of traffic. Other techniques like IDS/IPS etc uses only packet header information for decision making, while DPI is considers whole packet including payload for matching which provides better surveillance then other techniques. The problems that DPI system faces is low packet throughput, high memory requirement, latency and low accuracy at line speed of 10GbE/OC192.This paper reviews different software based approaches for efficient implementation of Deep Packet Inspection. A comparative study has been performed for these approaches on the basis of packet throughput and memory requirements. This paper is an attempt to exhaustively review existing techniques to addresses the probable research gaps. It then suggests a novel software based implementation of DPI to overcome the identified research gaps.","PeriodicalId":425210,"journal":{"name":"2011 International Conference on Information Science and Applications","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 International Conference on Information Science and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICISA.2011.5772430","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Deep Packet Inspection plays an important role for providing secure and congestion free network. It determines whether incoming traffic matches a database of signatures up to payload level, where each signature represents an attack, vulnerability, Virus, worm and even type of traffic. Other techniques like IDS/IPS etc uses only packet header information for decision making, while DPI is considers whole packet including payload for matching which provides better surveillance then other techniques. The problems that DPI system faces is low packet throughput, high memory requirement, latency and low accuracy at line speed of 10GbE/OC192.This paper reviews different software based approaches for efficient implementation of Deep Packet Inspection. A comparative study has been performed for these approaches on the basis of packet throughput and memory requirements. This paper is an attempt to exhaustively review existing techniques to addresses the probable research gaps. It then suggests a novel software based implementation of DPI to overcome the identified research gaps.

查看原文本刊更多论文

基于软件的深度包检测实现方法

深度包检测对保证网络安全、无拥塞起着重要作用。它确定传入流量是否与签名数据库匹配，直至有效载荷级别，其中每个签名代表攻击，漏洞，病毒，蠕虫甚至流量类型。其他技术如IDS/IPS等只使用包头信息进行决策，而DPI则考虑整个包包括有效载荷进行匹配，从而提供比其他技术更好的监视。DPI系统在10GbE/OC192的线速下面临的问题是数据包吞吐量低、内存需求高、延迟和精度低。本文综述了有效实现深度包检测的不同软件方法。在分组吞吐量和内存需求的基础上，对这些方法进行了比较研究。本文试图详尽地回顾现有技术，以解决可能的研究差距。然后，它提出了一种新的基于软件的DPI实现，以克服已确定的研究差距。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 International Conference on Information Science and Applications

自引率

0.00%

发文量