Performance of OpenDPI to identify truncated network traffic

Identifying the nature of the traffic flowing through a TCP/IP network is relevant to traffic engineering and security-related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and encryption. Despite the privacy concerns it raises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in the number of packets and in the length of those packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, to truncation of the payloads of the monitored traffic. The results show that this sensitivity is highly dependent on the protocol being monitored.
