Proceedings ArticleDOI
nDPI: Open-source high-speed deep packet inspection
Luca Deri,Maurizio Martinelli,Tomasz Bujlow,Alfredo Cardigliano +3 more
- pp 617-622
Reads0
Chats0
TLDR
NDPI as discussed by the authors is an open-source library for protocol classification using both packet header and payload, which has been extensively validated in various monitoring projects ranging from Linux kernel protocol classification, to analysis of 10 Gbit traffic, reporting both high protocol detection accuracy and efficiency.Abstract:
Network traffic analysis was traditionally limited to packet header, because the transport protocol and application ports were usually sufficient to identify the application protocol. With the advent of port-independent, peer-to-peer, and encrypted protocols, the task of identifying application protocols became increasingly challenging, thus creating a motivation for creating tools and libraries for network protocol classification. This paper covers the design and implementation of nDPI, an open-source library for protocol classification using both packet header and payload. nDPI was extensively validated in various monitoring projects ranging from Linux kernel protocol classification, to analysis of 10 Gbit traffic, reporting both high protocol detection accuracy and efficiency. Keywords—Passive traffic classification, Deep Packet Inspection, network traffic monitoringread more
Citations
More filters
Journal ArticleDOI
Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things
TL;DR: A new technique for NTC based on a combination of deep learning models that can be used for IoT traffic provides better detection results than alternative algorithms without requiring any feature engineering, which is usual when applying other models.
Journal ArticleDOI
A survey of methods for encrypted traffic classification and analysis
TL;DR: The most widespread encryption protocols used throughout the Internet are described and it is shown that the initiation of an encrypted connection and the protocol structure give away much information for encrypted traffic classification and analysis.
Journal ArticleDOI
Independent comparison of popular DPI tools for traffic classification
TL;DR: This paper presents a comprehensive comparison of 6 well-known DPI tools, which are commonly used in the traffic classification literature, and presents PACE, a commercial tool, as the most accurate solution.
Journal ArticleDOI
Survey of Performance Acceleration Techniques for Network Function Virtualization
Leonardo Linguaglossa,Stanislav Lange,Salvatore Pontarelli,Gábor Rétvári,Dario Rossi,Thomas Zinner,Roberto Bifulco,Michael Jarschel,Giuseppe Bianchi +8 more
TL;DR: This paper provides a comprehensive overview of the host-based network function virtualization (NFV) ecosystem, covering a broad range of techniques, from low-level hardware acceleration and bump-in-the-wire offloading approaches to high-level software acceleration solutions, including the virtualization technique itself.
Journal ArticleDOI
Traffic Analysis with Off-the-Shelf Hardware: Challenges and Lessons Learned
TL;DR: This work presents and discusses design choices to enable a STA to collects hundreds of per-flow metrics at a multi-10-Gb/s line rate, and outlines the principles to design an optimized STA, and implements them to engineer D PDKStat, a solution combining the Intel DPDK framework with the traffic analyzer Tstat.
References
More filters
Journal ArticleDOI
A survey of techniques for internet traffic classification using machine learning
TL;DR: This survey paper looks at emerging research into the application of Machine Learning techniques to IP traffic classification - an inter-disciplinary blend of IP networking and data mining techniques.
Journal ArticleDOI
Contention avoidance and resolution schemes in bufferless all-optical packet-switched networks: a survey
Journal ArticleDOI
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
TL;DR: This paper introduces a new representation for regular expressions, called the Delayed Input DFA (D2FA), which substantially reduces space equirements as compared to a DFA, and describes an efficient architecture that can perform deep packet inspection at multi-gigabit rates.
Proceedings ArticleDOI
Internet traffic classification demystified: myths, caveats, and the best practices
TL;DR: This work critically revisit traffic classification by conducting a thorough evaluation of three classification approaches, based on transport layer ports, host behavior, and flow features, and extracts insights and recommendations for both the study and practical application of traffic classification.
Journal ArticleDOI
Traffic classification through simple statistical fingerprinting
TL;DR: This paper presents a ow classification mechanism based on three simple properties of the captured IP packets: their size, inter-arrival time and arrival order, which is showing promising preliminary results from the classification of a reduced set of protocols.