A survey on deep packet inspection

Deep Packet Inspection (DPI) considered as one of the most important parts in content-aware network applications such as copyright enforcement, Intrusion detection system (IDS) and other applications will be discussed later. DPI rely on comparing to parts payload and signature (IP header). IT compares them with known signatures to decide if the packet is harmful (similar to any of attacks database signatures) and delete it or pass it through the network flow. it deals with the content below the 4th layer of the IP packet that includes source and destination ports, source and destination addresses and type of protocol. It classifies type of the application depending on its port number. For signature comparison, many algorithms are applied such as regular expressions (most popular) and others discussed later. Nowadays many applications rely on DPI for inspecting packets in network stream. This survey gives a brief idea about challenges in DPI and some of the design objectives. Then explaining in short words different matching algorithms with their limitations. At the end, some of the most popular techniques using DPI.