Visible to the public Efficient Keyword Matching for Deep Packet Inspection based Network Traffic Classification

TitleEfficient Keyword Matching for Deep Packet Inspection based Network Traffic Classification
Publication TypeConference Paper
Year of Publication2020
AuthorsKhandait, P., Hubballi, N., Mazumdar, B.
Conference Name2020 International Conference on COMmunication Systems NETworkS (COMSNETS)
Keywordsapplication signatures, Complexity theory, deep packet inspection, deep packet inspection based network traffic classification, digital signatures, DPI, efficient keyword matching, flow payloads, good classification accuracy, Inspection, network flows, network management, Network traffic classification, pattern classification, Pattern matching, Payloads, potential application signature, Protocols, pubcrawl, quality of service, Resiliency, Scalability, security monitoring, State Transition Machine, string matching, subsequent signature matching, telecommunication network management, telecommunication traffic, Testing, traffic classification techniques
AbstractNetwork traffic classification has a range of applications in network management including QoS and security monitoring. Deep Packet Inspection (DPI) is one of the effective method used for traffic classification. DPI is computationally expensive operation involving string matching between payload and application signatures. Existing traffic classification techniques perform multiple scans of payload to classify the application flows - first scan to extract the words and the second scan to match the words with application signatures. In this paper we propose an approach which can classify network flows with single scan of flow payloads using a heuristic method to achieve a sub-linear search complexity. The idea is to scan few initial bytes of payload and determine potential application signature(s) for subsequent signature matching. We perform experiments with a large dataset containing 171873 network flows and show that it has a good classification accuracy of 98%.
Citation Keykhandait_efficient_2020