Slimming Down Deep Packet Inspection Systems
Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to th...
Saved in:
| Published in | IEEE INFOCOM Workshops 2009 pp. 1 - 6 |
|---|---|
| Main Authors | , , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.04.2009
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to the memory and processing power demands. DPI's accuracy mostly depends on string matching process and regular expression heuristics that go deep down on the packet payloads in a search for networked application signatures. As ISPs backbone links' speed and data volume soar, commodity hardware-based DPI systems start to face performance bottlenecks (e.g., packet losses), which interferes on traffic classification accuracy dramatically. In this paper we propose a lightweight DPI (LW-DPI) system that overcomes performance bottlenecks of traditional DPI systems, without a significant decrease on accuracy. We evaluate LW-DPI's accuracy by inspecting two factors: a limited number of full-payload packets in a given flow or a fraction of the packet payload. Our experiments were performed using more than 6TB of packet-level data from a large ISP and show that there is some interesting trade-offs between such factors and accuracy. Most flows can be classified with only their first 7 packets or a fraction of their payload. We also show that the impact on DPI's processing time may decrease around 75% as compared to analyzing all full-payload packets in a flow. |
|---|---|
| AbstractList | Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to the memory and processing power demands. DPI's accuracy mostly depends on string matching process and regular expression heuristics that go deep down on the packet payloads in a search for networked application signatures. As ISPs backbone links' speed and data volume soar, commodity hardware-based DPI systems start to face performance bottlenecks (e.g., packet losses), which interferes on traffic classification accuracy dramatically. In this paper we propose a lightweight DPI (LW-DPI) system that overcomes performance bottlenecks of traditional DPI systems, without a significant decrease on accuracy. We evaluate LW-DPI's accuracy by inspecting two factors: a limited number of full-payload packets in a given flow or a fraction of the packet payload. Our experiments were performed using more than 6TB of packet-level data from a large ISP and show that there is some interesting trade-offs between such factors and accuracy. Most flows can be classified with only their first 7 packets or a fraction of their payload. We also show that the impact on DPI's processing time may decrease around 75% as compared to analyzing all full-payload packets in a flow. |
| Author | Fernandes, S. Westholm, T. Lacerda, T. Sadok, D. Santos, A. Antonello, R. |
| Author_xml | – sequence: 1 givenname: S. surname: Fernandes fullname: Fernandes, S. organization: SITE, Univ. of Ottawa, Ottawa, ON – sequence: 2 givenname: R. surname: Antonello fullname: Antonello, R. – sequence: 3 givenname: T. surname: Lacerda fullname: Lacerda, T. – sequence: 4 givenname: A. surname: Santos fullname: Santos, A. – sequence: 5 givenname: D. surname: Sadok fullname: Sadok, D. – sequence: 6 givenname: T. surname: Westholm fullname: Westholm, T. |
| BookMark | eNotj11LwzAYhQM60M79Ar3ID7A1H02a91I6p4XphA30bqTpW4muaVkKY__eiTtweC4OPHASchn6gITccZZxzuCheluUq9ePTDAGmWKF4MZckITnIs8laPM5IcnfBqcafUVmMX6zU5QyOdfX5H69813nwxed94dA54gDfbfuB0dahTigG30f6PoYR-ziDZm0dhdxduaUbBZPm_IlXa6eq_JxmXpgY6paDtI01hWsdlJIrpkAgU5D09YSmOW5sbLRgOgaq2ortdXoiqLGVoHickpu_7UeEbfD3nd2f9yez8lf-i1FKQ |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/INFCOMW.2009.5072188 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library Online IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library Online url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EndPage | 6 |
| ExternalDocumentID | 5072188 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR AARBI ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IERZE OCL RIE RIL |
| ID | FETCH-LOGICAL-i90t-5f1938dac70bc323160292ec69dfb390a148a3d69eecda5ba36a6ec77bef59513 |
| IEDL.DBID | RIE |
| ISBN | 142443968X 9781424439683 |
| IngestDate | Wed Jun 26 19:19:04 EDT 2024 |
| IsPeerReviewed | false |
| IsScholarly | true |
| LCCN | 2009900986 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i90t-5f1938dac70bc323160292ec69dfb390a148a3d69eecda5ba36a6ec77bef59513 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_5072188 |
| PublicationCentury | 2000 |
| PublicationDate | 2009-April |
| PublicationDateYYYYMMDD | 2009-04-01 |
| PublicationDate_xml | – month: 04 year: 2009 text: 2009-April |
| PublicationDecade | 2000 |
| PublicationTitle | IEEE INFOCOM Workshops 2009 |
| PublicationTitleAbbrev | INFCOMW |
| PublicationYear | 2009 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000558416 |
| Score | 1.884862 |
| Snippet | Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Computer networks Inspection Intrusion detection Payloads Performance loss Quality of service Spine Telecommunication traffic Throughput Web and internet services |
| Title | Slimming Down Deep Packet Inspection Systems |
| URI | https://ieeexplore.ieee.org/document/5072188 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LTwIxEG6Qkyc1YHynB48sdLe0255BAiYgiRi5kT6mCVEWYpaLv952HxiNB29t0zTTTJqZzsz3DUL3Xq2WSHCRsjKJvL01kRCgo-DvM4h5mpgQ0J_O-Pil_7hkywbqHLAwAFAUn0E3DItcvt2afQiV9Vgg8xLiCB2lUpZYrUM8hTAWMmg1dotKLpY1pVM1pxV0LiayN5mNBk_T15Kwsjr3R4OVwr6MTtC0lqwsK3nr7nPdNZ-_SBv_K_opan8j-fD8YKPOUAOyFuo8v683Gz_HQ_8Hx0OAHZ4r_5xzPMlK6OU2wxWXeRstRg-LwTiquiZEa0nyiDnvkgmrTEq0od574ySRCRgurdNUEuX_P4paLgGMVUwryhUHk6YaHPPuFj1HzWybwQXCJqZCOEecorQvQ5MOJfxWpSxTKfThErXCRVe7khdjVd3x6u_la3RcZ2JIfIOa-ccebr1Bz_VdockvE8ubjA |
| link.rule.ids | 310,311,783,787,792,793,799,27937,55086 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LTwIxEG4QD3pSA8a3e_DIQndLu-0ZJKAskoiRG-ljNiHKQsxy8dfb7gOj8eCtbZqmzaSZrzP9vkHozprVYAGJL40Ifetvtc85KN_hfQoBi0LtAvrxhA1fug9zOq-h1o4LAwD55zNou2aeyzdrvXWhsg51Yl6c76F9i6s5K9hau4gKptTl0Cr2FhGMzytRp7JPSvJcgEVnNBn0nuLXQrKyXPlHiZXcwwyOUFztrfhY8tbeZqqtP3_JNv5388eo-c3l86Y7L3WCapA2UOv5fbla2b7Xt69wrw-w8abSXujMG6UF-XKdeqWaeRPNBvez3tAv6yb4S4EznyYWlHEjdYSVJha_MRyKEDQTJlFEYGlfQJIYJgC0kVRJwiQDHUUKEmoBFzlF9XSdwhnydEA4TxKcSEK6wpXpkNxOldJQGUEXzlHDHXSxKZQxFuUZL_4evkUHw1k8XoxHk8dLdFjlZXBwherZxxaurXvP1E1u1S9s8p7X |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=IEEE+INFOCOM+Workshops+2009&rft.atitle=Slimming+Down+Deep+Packet+Inspection+Systems&rft.au=Fernandes%2C+S.&rft.au=Antonello%2C+R.&rft.au=Lacerda%2C+T.&rft.au=Santos%2C+A.&rft.date=2009-04-01&rft.pub=IEEE&rft.isbn=9781424439683&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FINFCOMW.2009.5072188&rft.externalDocID=5072188 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781424439683/lc.gif&client=summon&freeimage=true |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781424439683/mc.gif&client=summon&freeimage=true |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781424439683/sc.gif&client=summon&freeimage=true |