Deep Packet Inspection: A Key Issue for Network Security

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 738)

Abstract

As the number of cyber-attacks continue to increase, the need for data protection increases as well. Deep Packet Inspection is a highly effective way to reveal suspicious content in the headers or the payloads in any packet processing layer, except when the payload is encrypted. DPI is an essential inspector of packet payloads as it is applied to many different layers of the OSI model. The DPI tasks include intrusion detection, exfiltration detection and parental filtering. This can be a great advantage as layer-independent attacks are becoming more prevalent. It allows for inspection of all layers for attacks. However, there are challenges that come with Deep Packet Inspection. Some include the decrease of throughput of the system, attacks through the Secured Socket Layer and intrusion fingerprint matching. These challenges do not constitute as grounds to eliminate DPI as a method, but instead obstacles to be aware of in case difficulties with implementation prevails.

Keywords

Deep Packet Inspection Network intrusion detection system Secure socket layer Network security Network traffic Pattern matching 

References

  1. 1.
    G.A.P. Rodrigues, R. de Oliveira Albuquerque, F.E.G. de Deus, R.T. de Sousa Jr., G.A. de Oliveira Júnior, L.J.G. Villalba, T.-H. Kim, Cybersecurity and network forensics: Analysis of malicious traffic towards a Honeynet with Deep Packet Inspection. Appl. Sci. 7(10), 1082 (2017)CrossRefGoogle Scholar
  2. 2.
    A. Kennedy, X. Wang Z. Liu, B. Liu, Ultra-high throughput string matching for Deep Packet Inspection, in 2010 Design, Automation & Test in Europe Conference & Exhibition (2010), Dresden, 2010, pp. 399–404Google Scholar
  3. 3.
    S. Antonatos, K.G. Anagnostakis, E.P. Markatos, Generating realistic workloads for network intrusion detection systems. SIGSOFT Softw. Eng. Notes 29(1), 207–215 (2004) CrossRefGoogle Scholar
  4. 4.
    V. Martin, Why you should use SSL inspection—Fortinet Cookbook. [Online] Fortinet Cookbook (2017). http://cookbook.fortinet.com/why-you-should-use-ssl-inspection
  5. 5.
  6. 6.
    Fortinet, Next-Generation Firewalls (2017). [Online]. https://www.fortinet.com/products/next-generation-firewall.html
  7. 7.
  8. 8.
    Snort.org, What is Snort? (2017) [Online]. https://www.snort.org/faq/what-is-snort
  9. 9.
    J. Sherry, C. Lan, R.A. Popa, S. Ratnasamy, Blindbox: Deep packet inspection over encrypted traffic. Comput. Commun. Rev. 45(5), 213 (2015).  https://doi.org/10.1145/2829988.2787502 CrossRefGoogle Scholar
  10. 10.
    M. Pyatkovskiy, Fast SSL testing using precalculated cryptographyc data (2017). Patents, [Online] p. 9. https://www.google.com/patents/US8649275

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Robert Morris UniversityMoonUSA

Personalised recommendations