• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.417-422
• /
• 2009

Implementation of DPI(Deep Packet Inspection) system on a general purpose multiprocessor platform is an attractive option from the implementation cost point of view, since it does not require high-cost customized hardware. Load balancing has been considered as a primary means to achieve high performance in multi processor systems. We claim, however, that in case of DPI system design simply balancing the load of each processor does not necessarily yield the highest system performance. Instead, we propose a method in which tasks are allocated to processors based on their functions. We implemented the proposed method in dual processor Linux system and compare its performance with the existing load balancing methods. Under the proposed method, one processor is dedicated to deal with interrupt handling and generic packet processing, while another processor is dedicated to DPI processing. According to experimental results, the proposed scheme outperforms the existing schemes by 60%, mainly because of the reduction of cache miss and spin lock occurrences.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.7
• /
• pp.433-439
• /
• 2014

This paper proposes an architecture of two-stage string matching engine with content-addressable memory(CAM) and parallel bit-split string matchers for deep packet inspection(DPI). Each long signature is divided into subpatterns with the same length, where subpatterns are mapped onto the CAM in the first stage. The long pattern is matched in the second stage using the sequence of the matching indexes from the CAM. By adopting CAM and bit-split string matchers, the memory requirements can be greatly reduced in the heterogeneous string matching environments.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.5
• /
• pp.794-804
• /
• 2018

Various applications running in computers exchange information in the form of packets through the network. Most packets are formatted into UDP/IP or TCP/IP standard. Network management administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement & monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms which closely examine and analyze payloads in a DPI(Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms which detect a specific pattern in payloads, analyze the performance of them from three perspectives, and suggest an application method suitable for requirements of a given DPI system.

• Electronics and Telecommunications Trends
• /
• v.19 no.3 s.87
• /
• pp.117-124
• /
• 2004

과거의 패킷 필터를 기반으로 하는 단순한 방화벽은 더 이상 지능적인 해커들을 방어할 수 없다. 가트너에 따르면 현재의 방화벽의 기술은 패킷 필터에서 Application Proxy, Stateful Inspection을 거쳐 DPI로 진화하고 있다고 한다. NIDS나 NIPS를 떠오르게 하는 DPI 방식은 차세대 방화벽의 기술로 인정 받고 많은 연구와 개발이 진행되고 있으며, 실제 제품으로도 선보이고 있다. 본 논문에서는 DPI 기술의 정의와 알고리듬, 그리고 발전 방향에 대해서 알아볼 것이다.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.12
• /
• pp.133-141
• /
• 2014

An efficient method for reducing power consumption in pipelined deep packet inspection systems is proposed. It is based on the observation that the number of memory accesses is dominant for the power consumption and the number of accesses drops drastically as the input goes through stages of the pipelined AC-DFA. A DPI system is implemented where the operating frequency of the stages that are not frequently used in the pipeline is reduced to eliminate the waste of power consumption. The power consumption of the proposed DPI system is measured upon various input character set and up to 25% of reduction of total power consumption is obtained, compared to those of the recent DPI systems. The method can be easily applied to other pipelined architecture and string searching applications.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1060-1063
• /
• 2012

기존의 네트워크 관문에서 트래픽을 검사하는 장치들은 Application 계층의 데이터를 검사할 수 없어 보안에 한계가 있다. 이를 보완하기 위해 Application 계층까지 패킷을 분석할 수 있는 Deep Packet Inspection (DPI)기술이 개발되어 보안 강화에 사용되고 있다. 하지만 기업에서 DPI 기술을 이용하여 고객의 개인정보를 무단으로 수집 및 이용하면서 DPI 기술에 따른 개인정보 침해가 우려된다, 본 논문에서는 DPI 기술을 통한 사용자 정보 수집 시 개별 사용자의 동의를 받을 수 있는 방안을 제안하며, 이를 통해 DPI 기술에 따른 사용자 개인정보 문제를 해결하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.180-181
• /
• 2014

서버 하드웨어 성능 향상과 가상화 소프트웨어 기술의 발달로 클라우드 컴퓨팅 환경은 꾸준히 확산되고 있으며, 이에 따라 인터넷 트래픽 또한 대용량화와 집중화가 진행 중이다. 이와 함께, 지속적인 DDoS 공격 및 사이버테러는 전자정부, 금융, 등 모든 조직을 대상으로 꾸준하게 일어나고 있다. 다양한 사이버테러 공격에 대응하고, 대용량 클라우드 서비스 트래픽을 정밀 분석 하는 정책서버 기반의 서비스별/사용자별/그룹별 트래픽 모니터링 및 제어 관리가 필요하다. 본 논문에서 이를 위한 오픈플로우 기반의 고성능 Open DPI(Deep Packet Inspection) 플랫폼 구조를 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.325-326
• /
• 2020

최근 5G의 영향으로 인터넷에 연결되는 사람과 기기가 더욱 증가하고 있고 새로운 사물인터넷(Internet of Things) 애플리케이션이 가능해짐에 따라 트래픽 양이 급증하고 있다. 그러나 국내의 많은 기업은 이러한 트래픽을 분석하기 위해 고비용의 외산 제품을 이용하고 있다. 그러나 이러한 제품은 네트워크상에서 처리되는 트래픽에 대한 통계 데이터를 저장하고 보여주는 것을 주된 목적으로 사용하고 있을 뿐 패킷을 자세하게 분석하기 어렵다는 단점이 있다. 따라서 본 논문에서는 대용량 트래픽 처리를 위한 효율적인 패킷 처리 엔진을 제안한다. 이 패킷 처리 엔진은 다수의 Core Process를 활용하여 시스템 자원을 최대한 활용할 수 있도록 하고, 멀티 프로세싱을 통하여 각 노드의 작업부하를 균등하게 유지함으로써 작업의 대기시간을 줄이고, 각 작업의 수행 시간을 최소화한다. 본 논문에서 제안하는 대용량 트래픽 처리를 위한 패킷 처리 엔진은 기존의 트래픽 처리를 수행하는 패킷 처리 엔진보다 고성능 컴퓨팅 시스템의 성능 향상 면에서 우수함을 보인다.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.317-326
• /
• 2010

Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (PZP), real-time video, and so on, because distributed computing environment is spread and various network-based applications are developed. However, as PZP traffic occupies much volume among Internet backbone traffics, transmission bandwidth and quality of service(QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port number and the Deep Packet Inspection(DPI) technique which checks the payload of packets were suggested for solving the problem of the P2P traffics, however there were difficulties to apply those methods to detection of P2P traffics because P2P applications are not used well-known port number and payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffics based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffics. P2P traffics are consist of two steps i)searching the opposite peer which have some contents ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffics.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3804-3819
• /
• 2018

The increasing popularity of HTTP adaptive video streaming services has dramatically increased bandwidth requirements on operator networks, which attempt to shape their traffic through Deep Packet inspection (DPI). However, Google and certain content providers have started to encrypt their video services. As a result, operators often encounter difficulties in shaping their encrypted video traffic via DPI. This highlights the need for new traffic classification methods for encrypted HTTP adaptive video streaming to enable smart traffic shaping. These new methods will have to effectively estimate the quality representation layer and playout buffer. We present a new machine learning method and show for the first time that video quality representation classification for (YouTube) encrypted HTTP adaptive streaming is possible. The crawler codes and the datasets are provided in [43,44,51]. An extensive empirical evaluation shows that our method is able to independently classify every video segment into one of the quality representation layers with 97% accuracy if the browser is Safari with a Flash Player and 77% accuracy if the browser is Chrome, Explorer, Firefox or Safari with an HTML5 player.