High speed pattern matching for deep packet inspection

2009 ◽  
Author(s):  
Junghak Kim ◽  
Song-in Choi
Keyword(s):  
Pattern Matching ◽  
High Speed ◽  
Deep Packet Inspection ◽  
Packet Inspection

scholarly journals A Hybrid CPU/GPU Pattern-Matching Algorithm for Deep Packet Inspection

PLoS ONE ◽  
2015 ◽  
Vol 10 (10) ◽  
pp. e0139301 ◽  
Author(s):  
Chun-Liang Lee ◽  
Yi-Shan Lin ◽  
Yaw-Chung Chen
Keyword(s):  
Pattern Matching ◽  
Deep Packet Inspection ◽  
Matching Algorithm ◽  
Pattern Matching Algorithm ◽  
Packet Inspection

scholarly journals Fast Packet Inspection for End-To-End Encryption

Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1937
Author(s):  
So-Yeon Kim ◽  
Sun-Woo Yun ◽  
Eun-Young Lee ◽  
So-Hyeon Bae ◽  
Il-Gu Lee
Keyword(s):  
Information Security ◽  
Information Transfer ◽  
High Speed ◽  
Personal Data ◽  
Security System ◽  
Frame Structure ◽  
Inspection Time ◽  
Deep Packet Inspection ◽  
End To End ◽  
Packet Inspection

With the recent development and popularization of various network technologies, communicating with people at any time, and from any location, using high-speed internet, has become easily accessible. At the same time, eavesdropping, data interception, personal data leakage, and distribution of malware during the information transfer process have become easier than ever. Recently, to respond to such threats, end-to-end encryption (E2EE) technology has been widely implemented in commercial network services as a popular information security system. However, with the use of E2EE technology, it is difficult to check whether an encrypted packet is malicious in an information security system. A number of studies have been previously conducted on deep packet inspection (DPI) through trustable information security systems. However, the E2EE is not maintained when conducting a DPI, which requires a long inspection time. Thus, in this study, a fast packet inspection (FPI) and its frame structure for quickly detecting known malware patterns while maintaining E2EE are proposed. Based on the simulation results, the proposed FPI allows for inspecting packets approximately 14.4 and 5.3 times faster, respectively, when the inspection coverage is 20% and 100%, as compared with a DPI method under a simulation environment in which the payload length is set to 640 bytes.

scholarly journals Performance Analysis of Machine Learning and Pattern Matching Techniques for Deep Packet Inspection in Firewalls

2021 ◽  
Author(s):  
J.V. BibalBenifa ◽  
Saravanan Krishnann ◽  
Hoang Long ◽  
Raghvendra Kumar ◽  
David Taniar
Keyword(s):  
Machine Learning ◽  
Pattern Matching ◽  
Hybrid Method ◽  
Naive Bayes ◽  
Denial Of Service ◽  
Naïve Bayes ◽  
Support Vector ◽  
The Internet ◽  
Deep Packet Inspection ◽  
Packet Inspection

Abstract Malware is essentially one of the major security issues that have the potential to break the computer operations instantly. Majority of the internet attacks are caused by malwares that are being distributed through HTTP over the Internet. A Firewall is essential to prevent such internet attacks for enhancing the security measures. The most efficient method to prevent Intrusion in the network is Deep Packet Inspection (DPI), which is presently implemented in advanced firewalls. This research work intends to detect and prevent the intrusion in the network using a hybrid method with DPI, Pattern Matching (PM), and Machine Learning (ML) techniques. In this present work, a hybrid method which involves the functionalities of both DPI and ML is used for classification and identification of attacks. Here, DPI is done by Boyer-Moore-Horspool (BMHP) pattern matching algorithm and ten ML algorithms such as Support Vector Machines (SVM), Linear-SVM (L-SVM), K-Nearest Neighbors (KNN), Multi-Layer Perceptron (MLP), Decision Tree (DT), Random Forest (RF), AdaBoost (Ada), Gaussian Naive Bayes (GaNB) and Bernouli Naive Bayes (BeNB) are employed for classification. Subsequently, the proposed work is evaluated in a sequential and parallel manner and it is customized for identifying the fuzzy, impersonation and Denial of Service (DoS)-based attacks. The proposed system is analyzed in different dimensions such as performance of ML methods and role of DPI in attack identification including the pattern matching efficiency. From the investigation, it is identified that BMHP algorithm has the least time and memory consumed values about 0.0028 sec and 125.4 Mib respectively. Similarly, SVM has the accuracy of 99.91% with the least time and memory consumed values about 18.185 sec and 303.5 MiB respectively.

Sign in / Sign up

Export Citation Format

Share Document