research-article

Improving cost and accuracy of DPI traffic classifiers

Authors:
Niccolò Cascarano

Politecnico di Torino, Torino, Italy

Politecnico di Torino, Torino, Italy
View Profile

,
Luigi Ciminiera

Politecnico di Torino, Torino, Italy

Politecnico di Torino, Torino, Italy
View Profile

,
Fulvio Risso

Politecnico di Torino, Torino, Italy

Politecnico di Torino, Torino, Italy
View Profile

SAC '10: Proceedings of the 2010 ACM Symposium on Applied ComputingMarch 2010Pages 641–646https://doi.org/10.1145/1774088.1774223

Published:22 March 2010Publication History

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

Pages 641–646

ABSTRACT

Traffic classification through Deep Packet Inspection (DPI) is considered extremely expensive in terms of processing costs, leading to the conclusion that this technique is not suitable for DPI analysis on high speed networks. However, we believe that performance can be improved by exploiting some common characteristics of the network traffic. In this paper we present and evaluate some optimizations that can definitely decrease the processing cost and can even improve the classification precision.

References

M. Becchi, M. A. Franklin, and P. Crowley, "A workload for evaluating deep packet inspection architectures," in Proceedings of the IEEE International Symposium on Workload Characterization, pp. 79--89, IEEE, Sept. 2008.Google Scholar
F. Gringoli, L. Salgarelli, M. Dusi, N. Cascarano, F. Risso, and K. Claffy, "Gt: picking up the truth from the ground for internet traffic," SIGCOMM Comput. Commun. Rev., vol. 38, pp. 207--218, October 2009. Google ScholarDigital Library
J. Erman, A. Mahanti, M. Arlitt, and C. Williamson, "Identifying and discriminating between web and peer-to-peer traffic in the network core," in Proceedings of the 16th International Conference on World Wide Web, (New York, NY, USA), pp. 883--892, ACM, 2007. Google ScholarDigital Library
L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, and K. Salamatian, "Traffic classification on the fly," SIGCOMM Comput. Commun. Rev., vol. 36, no. 2, pp. 23--26, 2006. Google ScholarDigital Library
M. Crotti, M. Dusi, F. Gringoli, and L. Salgarelli, "Traffic classification through simple statistical fingerprinting," SIGCOMM Comput. Commun. Rev., vol. 37, no. 1, pp. 5--16, 2007. Google ScholarDigital Library
S. Zander, T. T. T. Nguyen, and G. J. Armitage, "Self-learning ip traffic classification based on statistical flow characteristics.," in Passive and Active Measurement Workshop, vol. 3431 of Lecture Notes in Computer Science, pp. 325--328, Springer, 2005. Google ScholarDigital Library
N. Cascarano, A. Este, F. Gringoli, F. Risso, and L. Salgarelli, "An experimental evaluation of the computational cost of a dpi traffic classifier," in Proceedings of IEEE Globecom 2009, Next-Generation Networking and Internet Symposium, (New York, NY, USA), pp. 50--59, IEEE, November 2009. Google ScholarDigital Library
R. Smith, C. Estan, S. Jha, and S. Kong, "Deflating the big bang: fast and scalable deep packet inspection with extended finite automata," SIGCOMM Comput. Commun. Rev., vol. 38, no. 4, pp. 207--218, 2008. Google ScholarDigital Library
M. Becchi and P. Crowley, "Efficient regular expression evaluation: theory to practice," in Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS '08), (New York, NY, USA), pp. 50--59, ACM, 2008. Google ScholarDigital Library
S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner, "Algorithms to accelerate multiple regular expressions matching for deep packet inspection," in SIGCOMM 2006, (New York, NY, USA), pp. 339--350, ACM, 2006. Google ScholarDigital Library
A. W. Moore and K. Papagiannaki, "Toward the accurate identification of network applications," in Proceedings of the Passive and Active Measurements Workshop, pp. 41--54, 2005. Google ScholarDigital Library
F. Risso, M. Baldi, O. Morandi, A. Baldini, and P. Monclus, "Lightweight, payload-based traffic classification: An experimental evaluation," in IEEE International Conference on, International Conference on Communications (ICC), pp. 5869--5875, May 2008.Google Scholar
Netgroup Research Group, "NetBee library Protocol description database," http://www.nbee.org/netpdl.Google Scholar
l7-filter, "Application Layer Packet Classifier for Linux," http://l7-filter.sourceforge.net/.Google Scholar

Index Terms

Improving cost and accuracy of DPI traffic classifiers
1. Networks
  1. Network services

Recommendations

Improving matching performance of DPI traffic classifier
SAC '11: Proceedings of the 2011 ACM Symposium on Applied Computing

Traffic classification through DPI technology is considered spending most CPU time in pattern matching, leading to the conclusion that it is not suitable for classifying traffic online on high speed networks. In this paper we focus on how to improve ...
Read More
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis

Deep Packet Inspection (DPI) techniques are considered extremely expensive in terms of processing costs and therefore are usually deployed in edge networks, where the amount of data to be processed is limited. This paper demonstrates that, in case the ...
Read More
Independent comparison of popular DPI tools for traffic classification

Deep Packet Inspection (DPI) is the state-of-the-art technology for traffic classification. According to the conventional wisdom, DPI is the most accurate classification technique. Consequently, most popular products, either commercial or open-source, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing
March 2010
2712 pages
ISBN:9781605586397
DOI:10.1145/1774088
Conference Chairs:
Sung Y. Shin
South Dakota State University
,
Sascha Ossowski
University Rey Juan Carlos, Spain
,
Michael Schumacher
University of Applied Sciences Western Switzerland, Switzerland
,
Program Chairs:
Mathew J. Palakal
Indiana University Purdue University
,
Chih-Cheng Hung
Southern Polytechnic State University
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 March 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
deep packet inspection
traffic classification
Qualifiers
- research-article
Conference

Acceptance Rates
SAC '10 Paper Acceptance Rate364of1,353submissions,27%Overall Acceptance Rate1,650of6,669submissions,25%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 11
  Total Citations
  View Citations
- 350
  Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Improving cost and accuracy of DPI traffic classifiers

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Improving matching performance of DPI traffic classifier

Optimizing Deep Packet Inspection for High-Speed Traffic Analysis

Independent comparison of popular DPI tools for traffic classification