Title :
Software Based Implementation Methodologies for Deep Packet Inspection
Author :
Chaudhary, Ajay ; Sardana, Anjali
Author_Institution :
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol. Roorkee, Roorkee, India
Abstract :
Deep Packet Inspection plays an important role for providing secure and congestion free network. It determines whether incoming traffic matches a database of signatures up to payload level, where each signature represents an attack, vulnerability, Virus, worm and even type of traffic. Other techniques like IDS/IPS etc uses only packet header information for decision making, while DPI is considers whole packet including payload for matching which provides better surveillance then other techniques. The problems that DPI system faces is low packet throughput, high memory requirement, latency and low accuracy at line speed of 10GbE/OC192. This paper reviews different software based approaches for efficient implementation of Deep Packet Inspection. A comparative study has been performed for these approaches on the basis of packet throughput and memory requirements. This paper is an attempt to exhaustively review existing techniques to addresses the probable research gaps. It then suggests a novel software based implementation of DPI to overcome the identified research gaps.
Keywords :
computer network security; software engineering; DPI system; congestion free network; deep packet inspection; memory requirement; software based implementation methodology; Algorithm design and analysis; Approximation algorithms; Automata; Complexity theory; Inspection; Pattern matching; Protocols;
Conference_Titel :
Information Science and Applications (ICISA), 2011 International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4244-9222-0
Electronic_ISBN :
978-1-4244-9223-7
DOI :
10.1109/ICISA.2011.5772430
