Deep Packet Field Extraction Engine (DPFEE): A pre-processor for network intrusion detection and denial-of-service detection systems

Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a Deep Packet Field Extraction Engine (DPFEE) to offload the application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) on a single FPGA, achieved a bandwidth of 257.1 Gbps and this can be easily scaled beyond 300 Gbps.