Title :
Design and evaluation of deep packet inspection system: A case study
Author :
Liao, M.-Y. ; Luo, Mon-Yen ; Yang, Chun-Sheng ; Chen, Chun-Hung ; Wu, Pei-Ci ; Chen, Yen-Chi
Author_Institution :
Dept. of Electr. Eng., Nat. Cheng Kung Univ., Tainan, Taiwan
fDate :
3/1/2012 12:00:00 AM
Abstract :
An increasing number of Internet applications and services render network management more troublesome for bandwidth misuse and security concern. As a result, network traffic identification plays an increasingly important role in network management. Deep packet inspection (DPI) is one of the effective approaches. Conventional network devices lookup the header of a packet, but DPI means the network device is required to match a pattern in the payload of a packet. This study proposes a DPI system and WMT (Wu-Manber with trie) algorithm to classify popular network services; The Net-DPIS is developed based on Netfilter framework in Linux kernel. The authors show how to rearrange the rule policies to increase the performance of Net-DPIS. In the results, the authors show that WMT algorithm is faster than WM algorithm; Net-DPIS has higher average accuracy and performance than L7-filter.
Keywords :
Internet; computer network management; computer network security; telecommunication traffic; Internet applications; Linux kernel; Net-DPIS; Netfilter framework; Wu-Manber with trie algorithm; bandwidth misuse; deep packet inspection system; network management; network security; network traffic identification;
Journal_Title :
Networks, IET
DOI :
10.1049/iet-net.2011.0048
