Summary of the technology
Project ID : 10-2012-2759
Description of the technology
Fast Online Deep Packet Inspection (DPI)
- Network security requires the inspection of data packets for protocol non-compliance, viruses, spam, intrusions, or other predefined security-linked criteria.
- This is usually carried out by a network device performing Deep Packet Inspection (DPI) of a packet.
- DPI consists of inspecting both the packet header and payload and alerting when signatures of malicious software, identified through pattern matching algorithms, appear in the traffic.
- To save bandwidth and speed up web browsing, most major sites use traffic compression, which poses a challenge for performing DPI.
Novel pattern matching algorithm that inspects Shared Dictionary Compression over HTTP (SDCH)-compressed traffic without need for decompression
- Algorithm operates in two phases, the offline phase and the online phase.
- The offline phase starts when the device gets the dictionary.
- The offline phase consists of inspection of the shared dictionary common to all SDCH-compressed traffic.
- In the offline phase, auxiliary information is marked to speed up the online DPI inspection.
- The delta file, which is unique to each compressed file, is scanned online as soon as it is received.
- The system skips up to 99% of the referenced data and gains up to a 56% improvement in the performance of the multi-pattern matching algorithm compared with scanning the plain text directly. That is, it works at almost the rate of the compressed traffic, implying a speed gain of SDCH’s compression ratio.
- Low memory footprint, so the algorithm can be easily deployed in current environments.
- Seeking industrial cooperation to implement the system
- Algorithm can run within a security tool that performs DPI, deployed with a pattern matching algorithm.
- Can run in a single-user environment, such as a PC, tablet, or cellular phone.
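The two-phase idea described above (scan the shared dictionary once offline, then scan only the delta online) can be illustrated with a simplified sketch; this is an added example, not the project's algorithm or code. It assumes a delta modelled as a list of ADD (literal bytes) and COPY (dictionary offset, length) operations rather than real VCDIFF, uses a naive search in place of a multi-pattern matching automaton, and all function and variable names are hypothetical.

```python
# Simplified model: the delta is a list of ("ADD", bytes) / ("COPY", offset, length)
# ops against the dictionary (a stand-in for VCDIFF). All names are hypothetical.

def find_all(data, patterns, base=0):
    """Naive multi-pattern search: set of (output_position, pattern)."""
    hits = set()
    for p in patterns:
        i = data.find(p)
        while i != -1:
            hits.add((base + i, p))
            i = data.find(p, i + 1)
    return hits

def offline_scan(dictionary, patterns):
    """Offline phase: scan the shared dictionary once, keep match positions."""
    return sorted(find_all(dictionary, patterns))

def online_scan(delta, dictionary, dict_hits, patterns):
    """Online phase: scan literals and copy edges; reuse dict_hits inside copies."""
    edge = max(len(p) for p in patterns) - 1   # how far a match can reach into a copy
    hits, skipped = set(), 0
    pos, buf, buf_base = 0, b"", 0             # pos: current offset in the output
    for op in delta:
        if op[0] == "ADD":
            buf, pos = buf + op[1], pos + len(op[1])
            continue
        _, off, length = op
        if length <= 2 * edge:                 # short copy: scan it whole
            buf += dictionary[off:off + length]
        else:
            buf += dictionary[off:off + edge]  # head: matches entering the copy
            hits |= find_all(buf, patterns, buf_base)
            for start, p in dict_hits:         # interior: answered from offline data
                if off <= start and start + len(p) <= off + length:
                    hits.add((pos + start - off, p))
            skipped += length - 2 * edge
            buf_base = pos + length - edge     # tail: matches leaving the copy
            buf = dictionary[off + length - edge:off + length]
        pos += length
    return hits | find_all(buf, patterns, buf_base), skipped

# Constructed sample data
PATTERNS = [b"evil", b"<script>", b"cmd.exe"]
DICTIONARY = (b"<html><head><script>var a=1;</script></head><body>"
              b"devil may care</body></html>")
DELTA = [("COPY", 0, 50), ("ADD", b" cmd.exe /c ev"), ("COPY", 53, 25),
         ("COPY", 0, 16), ("ADD", b"ipt>")]

if __name__ == "__main__":
    print(online_scan(DELTA, DICTIONARY, offline_scan(DICTIONARY, PATTERNS), PATTERNS))
```

On the constructed input, the online phase leaves 49 of the 91 copied bytes unread and reports the same four matches as a scan of the decoded text, including the two that straddle a COPY/ADD boundary.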