PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC

Jawad Khalife, Amjad Hajjar, Jesús Díaz-Verdejo

Abstract

The identification of the nature of the traffic flowing through a TCP/IP network is a relevant target for traffic engineering and security-related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and ciphering. Despite the privacy concerns it raises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in terms of the number of packets and the length of the packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, when truncation of the payloads of the monitored traffic is applied. The results show that this sensitivity is highly dependent on the protocol being monitored.



Paper Citation


in Harvard Style

Khalife J., Hajjar A. and Díaz-Verdejo J. (2011). PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC. In Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011) ISBN 978-989-8425-69-0, pages 51-56. DOI: 10.5220/0003516000510056


in Bibtex Style

@conference{dcnet11,
author={Jawad Khalife and Amjad Hajjar and Jesús Díaz-Verdejo},
title={PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC},
booktitle={Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)},
year={2011},
pages={51-56},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003516000510056},
isbn={978-989-8425-69-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)
TI - PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC
SN - 978-989-8425-69-0
AU - Khalife J.
AU - Hajjar A.
AU - Díaz-Verdejo J.
PY - 2011
SP - 51
EP - 56
DO - 10.5220/0003516000510056