Visible to the public Research and Implementation of Efficient DPI Engine Base on DPDK

TitleResearch and Implementation of Efficient DPI Engine Base on DPDK
Publication TypeConference Paper
Year of Publication2021
AuthorsYue, Ren, Miao, Chen, Bo, Li, Xueyuan, Wang, Xingzhi, Li, Zijun, Liao
Conference Name2021 China Automation Congress (CAC)
KeywordsAutomation, deep packet inspection, DPDK, flow identification, Hardware, hyperscan, Internet, Memory management, Network interfaces, pubcrawl, regular matching, resilience, Resiliency, Scalability, security, telecommunication traffic
AbstractWith the rapid development of the Internet, network traffic is becoming more complex and diverse. At the same time, malicious traffic is growing. This seriously threatens the security of networks and information. However, the current DPI (Deep Packet Inspect) engine based on x86 architecture is slow in monitoring speed, which cannot meet the needs. Generally, two factors affect the detection rate: CPU and memory; The efficiency of data packet acquisition, and multi regular expression matching. Under these circumstances, this paper presents an efficient implementation of the DPI engine based on a generic x86 platform. DPDK is used as the platform of network data packets acquisition and processing. Using the multi-queue of the NIC (network interface controller) and the customized symmetric RSS key, the network traffic is divided and reorganized in the form of conversation. The core of traffic identification is hyperscan, which uses a flow pattern to match the packets load of a single conversation efficiently. It greatly reduces memory requirements. The method makes full use of the system resources and takes into account the advantages of high efficiency of hardware implementation. And it has a remarkable improvement in the efficiency of recognition.
DOI10.1109/CAC53003.2021.9727422
Citation Keyyue_research_2021