PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC

Jawad Khalife, Amjad Hajjar, Jesús Díaz-Verdejo

2011

Abstract

The identification of the nature of the traffic flowing through a TCP/IP network is a relevant target for traffic engineering and security-related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and ciphering. Despite the privacy concerns it raises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in terms of the number of packets and the length of the packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, when truncation of the payloads of the monitored traffic is applied. The results show that it is highly dependent on the protocol being monitored.



Paper Citation


in Harvard Style

Khalife J., Hajjar A. and Díaz-Verdejo J. (2011). PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC. In Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011) ISBN 978-989-8425-69-0, pages 51-56. DOI: 10.5220/0003516000510056




in Bibtex Style

@conference{dcnet11,
author={Jawad Khalife and Amjad Hajjar and Jesús Díaz-Verdejo},
title={PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC},
booktitle={Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)},
year={2011},
pages={51-56},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003516000510056},
isbn={978-989-8425-69-0},
}




in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)
TI - PERFORMANCE OF OPENDPI TO IDENTIFY TRUNCATED NETWORK TRAFFIC
SN - 978-989-8425-69-0
AU - Khalife J.
AU - Hajjar A.
AU - Díaz-Verdejo J.
PY - 2011
SP - 51
EP - 56
DO - 10.5220/0003516000510056

