Design and Implementation of a Deep Packet Inspection System

• Main Authors: Ming-YiLiao, 廖明沂
• Other Authors: Chu-Sing Yang
• Format: Others
• Language: en_US
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/47968974053998385858

博士 === 國立成功大學 === 電腦與通信工程研究所 === 100 === Network services and applications are parts of people’s life today. With many business transactions keeping going in the Internet, to manage the network services is an important issue. Establishment of traffic classification is important for management of the network service. Classifying the network traffic based on port number is not enough, because some network services do not use fixed port. Such as Botnet and phishing site use the standard protocol to transmit data. Therefore, Deep Packet Inspection system is used to classify the network traffic for network traffic statistics, quality of service, and network security management. In this dissertation, we propose a new style of deep packet inspection system named Net-DPI and classify the patterns of network protocols based on the offset in the payload. The pattern table is constructed with trie structure for reducing the affection by the amount of patterns. In rule matching, we previously build the relationship between patterns and rules to simplify the complexity of rule matching. The proposed algorithms are for reducing the time cost of traffic classification. This system is implemented in Linux kernel. It provides traffic classification and sends the classified network services and connection information to the network management system for sharing to achieve the purpose of zone network defense.