Adaptive Pattern Matching Grammar Generation for Use in Deep Packet Inspection

Deep Packet Inspection (DPI) is becoming more widely used in virtually all applications or services like Denial of Service (DoS), Intrusion Detection System (IDS) etc. that operate with or within a network. However for a developer or team working on any network project who need to perform DPI, there is always the issue of using a third party source which may involve added cost or implementing it themselves which requires time and study of protocols, signatures and the nuances of pattern matching. The paper proposes a solution to the above problem using an adaptive grammar generation algorithm. This method reduces the entropy among similar results given by different patterns. Immense customizability is the foremost advantage of this method. Existing grammars for new signatures can be combined into a single grammar easily rather than new grammars be generated from raw target strings. The paper, thus, looks to limit the detailed knowledge requirement for the design of signature detection procedures and in doing so re-use existing procedures which have been thoroughly debugged and tested.