Classification of P2P file-sharing traffic using heuristic based and statistical based techniques
Published in Rajesh Singh, Anita Gehlot, Intelligent Circuits and Systems, 2021
The payload-based classification technique overcomes the limitation of the port-based technique. It classifies traffic by examining the payload of each packet to search for an application signature and match it against a database containing the signatures of previously stored application protocols. For example, eDonkey P2P traffic contains the string ‘\xe3\x38’. This technique is also known as deep packet inspection (DPI) and is the most accurate technique for classifying traffic. Various open-source and commercial tools based on the DPI technique can classify traffic, such as nDPI [9], Libprotoident [10,11], L7-filter [12], Cisco’s NBAR [13], etc. However, this technique suffers from various limitations: it is infeasible in high-speed networks; it involves a lot of processing load and complexity [14]; it is unable to deal with encrypted traffic; application protocol signatures need to be found every time new applications emerge; direct analysis of packet payload may breach the privacy policy of some organizations; etc.
AI and IoT Integration
Published in S. Velliangiri, Sathish A. P. Kumar, P. Karthikeyan, Internet of Things, 2020
Gnanaprakasam Pandian, Vivek Vinayagam, Brian Xu, Mark Sue
DPI takes the technology further by enabling the learning system to look inside and see the contents of information traveling within the network. DPI is also used for the detection and interception of viruses and other forms of malicious traffic to help keep an enterprise network safe. DPI overall is used in network management to streamline the flow of network traffic as certain traffic may have priority over basic web browsing, for example.
TCN enhanced novel malicious traffic detection for IoT devices
Published in Connection Science, 2022
Liu Xin, Liu Ziang, Zhang Yingli, Zhang Wenqiang, Lv Dong, Zhou Qingguo
Researchers actively explore and continuously improve network traffic detection technologies to improve network security and network service quality (Cai et al., 2022; Liu et al., 2019; Ning et al., 2021). Early network traffic detection mainly depended on the port allocation of the transport layer, and feature extraction consisted of obtaining the transport-layer port number. Because detection accuracy decreased as the proportion of traffic with fixed ports fell (Madhukar & Williamson, 2006), this method is not applicable in today's network environment. Deep Packet Inspection (DPI) is a commonly used method in traffic detection. The DPI method based on fingerprint matching is still widely used in network security today (Xu et al., 2016). In particular, the conventional matching method represents the traffic features in a form such as regular expressions and then matches them through the regular matching algorithm, which significantly improves the detection efficiency.
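As an added illustration (not code from any of the excerpted publications), the sketch below contrasts a port-based lookup with payload signature matching expressed as regular expressions, using the eDonkey byte string quoted in the first excerpt. The port table, the other signatures, the start-of-payload anchoring and all sample payloads are assumptions constructed for the example.

```python
import hashlib
import re

# Conventional default ports (assumption for this example).
PORT_TABLE = {80: "http", 443: "tls", 4662: "edonkey", 6881: "bittorrent"}

# Signature database: (application, pattern matched at the start of the payload).
# Anchoring at the start is an assumption that limits false positives on short patterns.
SIGNATURES = [
    ("edonkey", re.compile(rb"\xe3\x38")),                    # string quoted in the excerpt
    ("bittorrent", re.compile(rb"\x13BitTorrent protocol")),  # handshake prefix
    ("http", re.compile(rb"(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]")),             # TLS handshake record header
]

def classify_by_port(dst_port):
    """Port-based technique: trust the destination port alone."""
    return PORT_TABLE.get(dst_port, "unknown")

def classify_by_payload(payload):
    """Payload-based technique: first signature that matches wins."""
    for app, pattern in SIGNATURES:
        if pattern.match(payload):
            return app
    return "unknown"

# Constructed samples: (label, destination port, first payload bytes of the flow).
SAMPLES = [
    ("eDonkey hiding on port 80", 80, b"\xe3\x38\x00\x00\x00\x01\x10"),
    ("BitTorrent on a random port", 51413, b"\x13BitTorrent protocol" + bytes(8)),
    ("plain HTTP", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Opaque record standing in for encrypted application data: no signature is visible.
    ("encrypted flow on port 4662", 4662,
     b"\x17\x03\x03\x00\x20" + hashlib.sha256(b"constructed").digest()),
]

def compare(samples=SAMPLES):
    """Return (label, port-based verdict, payload-based verdict) per sample."""
    return [(label, classify_by_port(port), classify_by_payload(data))
            for label, port, data in samples]

if __name__ == "__main__":
    for label, by_port, by_payload in compare():
        print(f"{label:30} port-based={by_port:10} payload-based={by_payload}")
```

The first two samples show the port lookup mislabelling or missing traffic that the signature match identifies, and the last shows the signature match returning nothing once the payload is opaque.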
Integration of sparse singular vector decomposition and statistical process control for traffic monitoring and quality of service improvement in mission-critical communication networks
Published in IISE Transactions, 2018
DPI examines the contents of packets passing through a so-called inspection point within a network, and searches for anything out of the norm. Although DPI can be used to detect QoS problems, its major utility is to ensure network security by detecting instructions, viruses, spam, and non-compliance of contents with regulation. Various DPI systems and techniques have been developed. For example, SNORT (Roesch, 1999) is a well-known open-source system that can detect various types of worms, attacks, and probes using protocol analysis, and content searching and matching. Smith et al. (2008) proposed a DPI technique that uses regular expressions with extended finite automata. Focusing on QoS, Cascarano et al. (2011) proposed and validated optimizations for DPI techniques to accelerate network monitoring and traffic classification on high-speed networks. There are several drawbacks in using DPI for QoS:
- DPI often requires costly dedicated devices to track, unpack, and analyze real-time packets.
- DPI can be time-consuming, especially with large-sized packet contents (e.g., audio, video), which makes it unsuitable for real-time QoS monitoring.
- As DPI examines packet contents, there is a profound concern about privacy.
- Due to the privacy concern, more and more network protocols such as HTTPS, SFTP, and SSL have been designed to protect private contents from being examined by DPI.