On the performance of DPI signature matching with dynamic priority

Traffic classification and identification plays an important role for several activities in network traffic management, where DPI (Deep Packet Inspection) is one of the most accurate and used techniques. However, inspection of packet payload is highly computing intensive. Several research studies have evaluated different components of DPI systems for application detection, in order to increase the classification speed. Nonetheless, the arrangement of the signatures in the signature set is an open issue and can degrade performance. Depending on the order of signatures, the overall performance of the DPI system can be degraded, leading to loss of packets and incorrect traffic identification. To the best of our knowledge, no previous research has analyzed the impact of the order of the application signatures and how it could be modified to improve the identification speed in a given DPI. In this work, we evaluate the impact of the ordering of signatures in a list and propose a method to dynamically adapt the signature list according to the traffic dynamics. We show the effectiveness of our approach with the most reactive proposed setup, saving more than 50% of processing time. We demonstrate the importance of the order of signatures and propose an effective method that can be used to save processing time. Finally, our method can be combined with other state-of-the-art techniques to achieve an optimal utilization of DPI features.