DocumentCode :
3144622
Title :
Intrusion analysis with deep packet inspection: Increasing efficiency of packet based investigations
Author :
Smallwood, Daniel ; Vance, Andrew
Author_Institution :
Comput. Sci. Corp., Falls Church, VA, USA
fYear :
2011
fDate :
12-14 Dec. 2011
Firstpage :
342
Lastpage :
347
Abstract :
Cloud computing's distributed architecture helps ensure service resilience and robustness. However, cloud architectures also increase dynamic data communication, which inherently increases security risk. Examination of industry practice has revealed that the resulting growth in data volume diminishes the efficiency of deep packet inspection (DPI). DPI is essential in protecting the cloud against malicious threats such as web exploits, zero-day attacks, data exfiltration, and malware-based botnets. In this paper, we evaluate the effectiveness of a new utility developed to improve retrospective packet analysis, tested against actual data center traffic from a large regional Internet Access Provider that offers cloud services. Blitzdump is a lightning-fast network packet capture utility developed to improve network intrusion detection through DPI analysis. Implementation results indicate that it outperformed existing techniques in query function performance, improving query response efficiency by up to 6000%. Blitzdump reduces security risk by increasing the technical performance of intrusion detection, thereby improving the security practitioner's productivity and effectiveness.
Keywords :
Internet; computer network security; Cloud computing distributed architecture; DPI; Internet access provider; data communications; data exfiltration; data volume; deep packet inspection; intrusion analysis; malicious threats; malware based botnets; packet based investigations; query function; web exploits; zero-day attacks; Cloud computing; Inspection; Intrusion detection; Linux; Sensors; Cloud Computing; Deep Packet Inspection; Intrusion Detection; Packet Capture; Security; TCPDUMP
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cloud and Service Computing (CSC), 2011 International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4577-1635-5
Electronic_ISBN :
978-1-4577-1636-2
Type :
conf
DOI :
10.1109/CSC.2011.6138545
Filename :
6138545