Deep packet inspection tools and techniques in commodity platforms: Challenges and trends

Antonello, Rafael; Fernandes, Stênio; Kamienski, Carlos; Sadok, Djamel; Kelner, Judith; Gódor, István; Szabó, Géza; Westholm, Tord

doi:10.1016/j.jnca.2012.07.010

Cited by 47 publications

(31 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ese features are frequently included in deep packet inspection techniques [49,50] but are often too slow to be included in standard firewalls. In order to provide a deep description of packets on the firewall layer and quickly evaluate them, the use of BPF language together with the BPF virtual machine subsystem included in the current versions of Linux kernel seems to be an elegant solution, especially as BPF had been used before to accomplish similar difficult network tasks with low computational effort [11].…”

Section: Os Firewalling Supportmentioning

confidence: 99%

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

Cruz

Gómez-Meire

Ruano-Ordás

et al. 2019

Scientific Programming

View full text Add to dashboard Cite

e Internet of ings (IoT) introduced the opportunity of remotely manipulating home appliances (such as heating systems, ovens, blinds, etc.) using computers and mobile devices. is idea fascinated people and originated a boom of IoT devices together with an increasing demand that was difficult to support. Many manufacturers quickly created hundreds of devices implementing functionalities but neglected some critical issues pertaining to device security. is oversight gave rise to the current situation where thousands of devices remain unpatched having many security issues that manufacturers cannot address after the devices have been produced and deployed. is article presents our novel research protecting IOT devices using Berkeley Packet Filters (BPFs) and evaluates our findings with the aid of our Filter.tlk tool, which is able to facilitate the development of BPF expressions that can be executed by GNU/Linux systems with a low impact on network packet throughput.

show abstract

Section: Os Firewalling Supportmentioning

confidence: 99%

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

Cruz

Gómez-Meire

Ruano-Ordás

et al. 2019

Scientific Programming

View full text Add to dashboard Cite

show abstract

“…The Packet Filter accesses KDF files and parse each captured data packet and drops any duplicated HTTP or non-HTTP packets. These HTTP packets needs to be analyzed using Deep Packet Inspection (DPI) Techniques [16]. The Packet Processor first retrieves the contents from the payload of the HTTP packet.…”

Section: System Architecturementioning

confidence: 99%

SQLI detection system for a safer web application

Pramod¹,

Ghosh²,

Mohan³

et al. 2015

2015 IEEE International Advance Computing Conference (IACC)

View full text Add to dashboard Cite

SQL Injection (SQLI) is a quotidian phenomenon in the field of network security. It is a potent and effective way of intruding into secured databases thereby jeopardizing the confidentiality, integrity and availability of information in them. SQL Injection works by inserting malicious queries into legal queries thereby rendering it increasingly arduous for most detection systems to be able to discern its occurrence. Hence, the need of the hour is to build a coherent and a smart SQL Injection detection system to make web applications safer and thus, more reliable. Unlike a great majority of current detection tools and systems that are deployed at a region between the web server and the database server, the proposed system is deployed between client and the web server, thereby shielding the web server from the inimical impacts of the attack. This approach is nascent and efficient in terms of detection, ranking and notification of the attack designed using pattern matching algorithm based on the concept of hashing.

show abstract

“…There are many methods for classifying network traffic. The most common methods are the classification by using known transport layer ports (port-based methodology) and Deep Packet Inspection (DPI) [14,26,27]. The port-based method analyzes the port numbers from the transport layer and is utilized to classify applications (e.g., Skype, BitTorrent, Edonkey) or application protocols (e.g., HTTP, FTP, DNS, SSH).…”

Section: Introductionmentioning

confidence: 99%

MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy

Nascimento¹,

Sadok²

2018

Information

Self Cite

View full text Add to dashboard Cite

Network traffic classification aims to identify categories of traffic or applications of network packets or flows. It is an area that continues to gain attention by researchers due to the necessity of understanding the composition of network traffics, which changes over time, to ensure the network Quality of Service (QoS). Among the different methods of network traffic classification, the payload-based one (DPI) is the most accurate, but presents some drawbacks, such as the inability of classifying encrypted data, the concerns regarding the users’ privacy, the high computational costs, and ambiguity when multiple signatures might match. For that reason, machine learning methods have been proposed to overcome these issues. This work proposes a Multi-Objective Divide and Conquer (MODC) model for network traffic classification, by combining, into a hybrid model, supervised and unsupervised machine learning algorithms, based on the divide and conquer strategy. Additionally, it is a flexible model since it allows network administrators to choose between a set of parameters (pareto-optimal solutions), led by a multi-objective optimization process, by prioritizing flow or byte accuracies. Our method achieved 94.14% of average flow accuracy for the analyzed dataset, outperforming the six DPI-based tools investigated, including two commercial ones, and other machine learning-based methods.

show abstract

Deep packet inspection tools and techniques in commodity platforms: Challenges and trends

Cited by 47 publications

References 48 publications

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

SQLI detection system for a safer web application

MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy

Contact Info

Product

Resources

About