Title :
Elastic deep packet inspection
Author :
Watson, Bruce W. ; Blox, Ip
Author_Institution :
Dept. of Inf. Sci., Stellenbosch Univ., Stellenbosch, South Africa
Abstract :
Deep packet inspection (DPI) systems are required to perform at or near network line-rate speeds, matching thousands of rules against the network traffic. The engineering performance and price trade-offs are such that DPI is difficult to virtualize, either because of very high memory consumption or the use of custom hardware; similarly, a running DPI instance is difficult to 'move' cheaply to another part of the network. Algorithmic constraints make it costly to update the set of rules, even with minor edits. In this paper, we present Elastic DPI. Thanks to new algorithms and data-structures, all of these performance and flexibility constraints can be overcome - an important development in an increasingly virtualized network environment. The ability to incrementally update rule sets is also a potentially interesting use-case in next generation firewall appliances that rapidly update their rule sets.
Keywords :
computer network security; data structures; inspection; telecommunication traffic; virtualisation; DPI systems; data structures; elastic DPI; elastic deep packet inspection; engineering performance; firewall appliances; flexibility constraints; network traffic; performance constraints; rule set updating; virtualized network environment; Engines; Hardware; Inspection; Memory management; Optimization; Sensors; Virtual machining; deep packet inspection (DPI); incremental defense; speed/memory performance;
Conference_Title :
Cyber Conflict (CyCon 2014), 2014 6th International Conference On
Conference_Location :
Tallinn
Print_ISBN :
978-9949-9544-0-7
DOI :
10.1109/CYCON.2014.6916406