PGSM-DPI: Precisely Guided Signature Matching of Deep Packet Inspection for Traffic Analysis
Title | PGSM-DPI: Precisely Guided Signature Matching of Deep Packet Inspection for Traffic Analysis |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Yan, Haonan, Li, Hui, Xiao, Mingchi, Dai, Rui, Zheng, Xianchun, Zhao, Xingwen, Li, Fenghua |
Conference Name | 2019 IEEE Global Communications Conference (GLOBECOM) |
Publisher | IEEE |
ISBN Number | 978-1-7281-0962-6 |
Keywords | deep packet inspection, feature extraction, Forestry, Inspection, Mathematical model, Optimization, Protocols, pubcrawl, resilience, Resiliency, Scalability, supervised learning |
Abstract | In the field of network traffic analysis, Deep Packet Inspection (DPI) technology is widely used at present. However, the increase in network traffic has brought tremendous processing pressure on the DPI. Consequently, detection speed has become the bottleneck of the entire application. In order to speed up the traffic detection of DPI, a lot of research works have been applied to improve signature matching algorithms, which is the most influential factor in DPI performance. In this paper, we present a novel method from a different angle called Precisely Guided Signature Matching (PGSM). Instead of matching packets with signature directly, we use supervised learning to automate the rules of specific protocol in PGSM. By testing the performance of a packet in the rules, the target packet could be decided when and which signatures should be matched with. Thus, the PGSM method reduces the number of aimless matches which are useless and numerous. After proposing PGSM, we build a framework called PGSM-DPI to verify the effectiveness of guidance rules. The PGSM-DPI framework consists of PGSM method and open source DPI library. The framework is running on a distributed platform with better throughput and computational performance. Finally, the experimental results demonstrate that our PGSM-DPI can reduce 59.23% original DPI time and increase 21.31% throughput. Besides, all source codes and experimental results can be accessed on our GitHub. |
URL | https://ieeexplore.ieee.org/document/9013941 |
DOI | 10.1109/GLOBECOM38437.2019.9013941 |
Citation Key | yan_pgsm-dpi_2019 |