A comprehensive study of deep packet inspection for modern network traffic analysis: issues and challenges
Year 2023, 1 - 29, 15.01.2023
Merve Çelebi, Alper Özbilen, Uraz Yavanoğlu
Abstract
Deep Packet Inspection (DPI) provides full visibility into network traffic by performing detailed analysis of both the packet header and the packet payload. DPI is of critical importance because it can be used in applications such as network security or government surveillance. This study presents a comprehensive survey of DPI. Unlike other survey studies, the aim of this work is to identify the parameters that limit performance when analyzing modern network traffic, and thereby to enable the DPI technique to be integrated efficiently and effectively into network analysis mechanisms. Considering that network traffic exhibiting complex behaviour is examined with powerful hybrid systems that combine more than one technique, the DPI method is examined together with the other techniques used in network traffic analysis. The security applications of DPI, which is critical for network security, on IoT and SDN architectures are discussed, and the mechanisms in which DPI is applied to IDSs as a component of a hybrid system are examined. In addition, methods that perform inspection on encrypted network traffic are addressed, and these methods are evaluated in terms of security, performance and functionality. Finally, the implementation challenges for all DPI processes and the future research topics related to these challenges are discussed.
- H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, K.-Y. Tung, Intrusion detection system: A comprehensive review, Journal of Network and Computer Applications 36 (1), 16–24, 2013. https://doi.org/10.1016/j.jnca.2012.09.004.
- S. Raza, L. Wallgren, T. Voigt, Svelte: Real-time intrusion detection in the internet of things, Ad hoc networks 11 (8), 2661–2674, 2013. https://doi.org/10.1016/j.adhoc.2013.04.014.
- H. Sedjelmaci, S. M. Senouci, M. Al-Bahri, A lightweight anomaly detection technique for low-resource iot devices: A game-theoretic methodology, in: 2016 IEEE international conference on communications (ICC), IEEE, pp. 1–6, 2016.
- R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, S. Zhou, Specification-based anomaly detection: a new approach for detecting network intrusions, in: Proceedings of the 9th ACM conference on Computer and communications security, pp. 265–274, 2002.
- S. Demirci, M. Demirci, S. Sagiroglu, Virtual security functions and their placement in software defined networks: A survey, Gazi University Journal of Science 32 (3), 833–851, 2019. https://doi.org/10.35378/gujs.422000.
- B. A. A. Nunes, M. Mendonca, X.-N. Nguyen, K. Obraczka, T. Turletti, A survey of software-defined networking: Past, present, and future of programmable networks, IEEE Communications surveys & tutorials 16 (3), 1617–1634, 2014. https://doi.org/10.1109/SURV.2014.012214.00180.
- B. Han, V. Gopalakrishnan, L. Ji, S. Lee, Network function virtualization: Challenges and opportunities for innovations, IEEE Communications Magazine 53 (2), 90–97, 2015. https://doi.org/10.1109/MCOM.2015.7045396.
- G.Wang, T. E. Ng, The impact of virtualization on network performance of amazon ec2 data center, in: 2010 Proceedings IEEE INFOCOM, IEEE, pp. 1–9, 2010.
- S. Scott-Hayward, S. Natarajan, S. Sezer, A survey of security in software defined networks, IEEE Communications Surveys & Tutorials 18 (1), 623–654, 2015. https://doi.org/10.1109/COMST.2015.2453114.
- J. C. C. Chica, J. C. Imbachi, J. F. B. Vega, Security in sdn: A comprehensive survey, Journal of Network and Computer Applications 159, 102595, 2020. https://doi.org/10.1016/j.jnca.2020.102595.
- L. Schehlmann, S. Abt, H. Baier, Blessing or curse? revisiting security aspects of software-defined networking, in: 10th International Conference on Network and Service Management (CNSM) and Workshop, IEEE, pp. 382–387, 2014.
- M. Liyanage, M. Ylianttila, A. Gurtov, Securing the control channel of software-defined mobile networks, in: Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014, IEEE, pp. 1–6, 2014.
- Y. Jarraya, A. Shameli-Sendi, M. Pourzandi, M. Cheriet, Multistage ocdo: Scalable security provisioning optimization in sdn-based cloud, in: 2015 IEEE 8th International Conference on Cloud Computing, IEEE, pp. 572–579, 2015.
- M. Sainz, I. Garitano, M. Iturbe, U. Zurutuza, Deep packet inspection for intelligent intrusion detection in softwaredefined industrial networks: A proof of concept, Logic Journal of the IGPL 28 (4), 461–472, 2020.
- A. Bremler-Barr, Y. Harchol, D. Hay, Y. Koral, Deep packet inspection as a service, in: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp. 271–282, 2014.
- Y. Li, R. Fu, An parallelized deep packet inspection design in software defined network, in: Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, IEEE, pp. 6–10, 2014.
- A. Abubakar, B. Pranggono, Machine learning based intrusion detection system for software defined networks, in: 2017 seventh international conference on emerging security technologies (EST), IEEE, pp. 138–143, 2017.
- C. Yu, J. Lan, J. Xie, Y. Hu, Qos-aware traffic classification architecture using machine learning and deep packet inspection in sdns, Procedia computer science 131, 1209–1216, 2018. https://doi.org/10.1016/j.procs.2018.04.331.
- M. Bouet, J. Leguay, V. Conan, Cost-based placement of virtualized deep packet inspection functions in sdn, in: MILCOM 2013-2013 IEEE Military Communications Conference, IEEE, pp. 992–997, 2013.
- M. Bouet, J. Leguay, T. Combe, V. Conan, Cost-based placement of vdpi functions in nfv infrastructures, International Journal of Network Management 25 (6), 490–506, 2015. https://doi.org/10.1002/nem.1920.
- J. Kim, J. Lee, J. Kim, J. Yun, M2m service platforms: Survey, issues, and enabling technologies, IEEE Communications Surveys & Tutorials 16 (1), 61–76, 2013. https://doi.org/10.1109/SURV.2013.100713.00203
- H. Yao, P. Gao, J. Wang, P. Zhang, C. Jiang, Z. Han, Capsule network assisted iot traffic classification mechanism for smart cities, IEEE Internet of Things Journal 6 (5), 7515–7525, 2019. https://doi.org/10.1109/JIOT.2019.2901348.
- E. Bertino, N. Islam, Botnets and internet of things security, Computer 50 (2), 76–79, 2017. https://doi.org/10.1109/MC.2017.62.
- M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, et al., Understanding the mirai botnet, in: 26th {USENIX} security symposium ({USENIX} Security 17), pp. 1093–1110, 2017.
- Y. Zhang, N. Meratnia, P. Havinga, Outlier detection techniques for wireless sensor networks: A survey, IEEE communications surveys & tutorials 12 (2), 159–170, 2010. https://doi.org/10.1109/SURV.2010.021510.00088.
- J. Wang, Q. Kuang, S. Duan, A new online anomaly learning and detection for large-scale service of internet of thing, Personal and Ubiquitous Computing 19 (7), 1021–1031, 2015.
- H. Sun, X. Wang, R. Buyya, J. Su, Cloudeyes: Cloud-based malware detection with reversible sketch for resourceconstrained internet of things (iot) devices, Software: Practice and Experience 47 (3), 421–441, 2017. https://doi.org/10.1002/spe.2420.
- D. Oh, D. Kim, W. W. Ro, A malicious pattern detection engine for embedded security systems in the internet of things, Sensors 14 (12), 24188–24211, 2014. https://doi.org/10.3390/s141224188.
- S. O. Amin, M. S. Siddiqui, C. S. Hong, J. Choe, A novel coding scheme to implement signature based ids in ip based sensor networks, in: 2009 IFIP/IEEE International Symposium on Integrated Network Management-Workshops, IEEE, pp. 269–274, 2009.
- H. Sedjelmaci, S. M. Senouci, T. Taleb, An accurate security game for low-resource iot devices, IEEE Transactions on Vehicular Technology 66 (10), 9381–9393, 2017. https://doi.org/10.1109/TVT.2017.2701551.
- D. Midi, A. Rullo, A. Mudgerikar, E. Bertino, Kalis—a system for knowledge-driven adaptable intrusion detection for the internet of things, in: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, pp. 656–666, 2017.
- Y. Lee, Y. Lee, Toward scalable internet traffic measurement and analysis with hadoop, ACM SIGCOMM Computer Communication Review 43 (1), 5–13, 2012. https://doi.org/10.1145/2427036.2427038.
- M. Wullink, G. C. Moura, M. M¨uller, C. Hesselman, Entrada: A high-performance network traffic data streaming warehouse, in: NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, pp. 913-918, 2016.
- C. Orsini, A. King, D. Giordano, V. Giotsas, A. Dainotti, Bgpstream: a software framework for live and historical bgp data analysis, in: Proceedings of the 2016 Internet Measurement Conference, pp. 429–444, 2016.
- M. Becchi, M. Franklin, P. Crowley, A workload for evaluating deep packet inspection architectures, in: 2008 IEEE International Symposium on Workload Characterization, IEEE, pp. 79–89, 2008.
- F. Schneider, J. Wallerich, A. Feldmann, Packet capture in 10-gigabit ethernet environments using contemporary commodity hardware, in: International Conference on Passive and Active Network Measurement, Springer, pp. 207–217, 2007.
A comprehensive survey on deep packet inspection for advanced network traffic analysis: issues and challenges
Year 2023, 1 - 29, 15.01.2023
Merve Çelebi, Alper Özbilen, Uraz Yavanoğlu
Abstract
Deep Packet Inspection (DPI) provides full visibility into network traffic by performing detailed analysis of both the packet header and the packet payload. DPI is therefore critically important, as it can be used in applications such as network security or government surveillance. In this paper, we provide an extensive survey of DPI. Unlike previous surveys, we aim to integrate DPI techniques into network analysis mechanisms efficiently by identifying the parameters that limit performance in the analysis of modern network traffic. Network traffic with complex behavior is analyzed with powerful hybrid systems that combine more than one technique; DPI methods are therefore studied together with the other techniques used in network traffic analysis. Security applications of DPI on Internet of Things (IoT) and Software-Defined Networking (SDN) architectures are discussed, and Intrusion Detection System (IDS) mechanisms in which DPI is applied as a component of a hybrid system are examined. In addition, methods that inspect encrypted network traffic are highlighted and evaluated in terms of security, performance and functionality. Future research issues are also discussed, taking into account the implementation challenges for all DPI processes.
- H. Kim, K.-I. Choi, A pipelined non-deterministic finite automaton-based string matching scheme using merged state transitions in an fpga, PloS one 11 (10), e0163535, 2016. https://doi.org/10.1371/journal.pone.0163535.
- I. Sourdis, D. N. Pnevmatikatos, S. Vassiliadis, Scalable multigigabit pattern matching for packet inspection, IEEE Transactions on Very Large Scale Integration (VLSI) Systems 16 (2), 156–166, 2008. https://doi.org/10.1109/ TVLSI.2007.912036.
- R.-T. Liu, N.-F. Huang, C.-H. Chen, C.-N. Kao, A fast string-matching algorithm for network processor-based intrusion detection system, ACM Transactions on Embedded Computing Systems (TECS) 3 (3), 614–633, 2004. https://doi.org/10.1145/1015047.1015055.
- D. F. Bacon, R. Rabbah, S. Shukla, Fpga programming for the masses, Communications of the ACM 56 (4), 56–63, 2013. https://doi.org/10.1145/2436256.2436271.
- Y. Sun, H. Liu, V. C. Valgenti, M. S. Kim, Hybrid regular expression matching for deep packet inspection on multi-core architecture, in: 2010 Proceedings of 19th International Conference on Computer Communications and Networks, IEEE, pp. 1–7, 2010.
- Y.-H. E. Yang, V. K. Prasanna, Robust and scalable string pattern matching for deep packet inspection on multicore processors, IEEE Transactions on Parallel and Distributed Systems 24 (11), 2283–2292, 2012 https://doi.org/10.1109/TPDS.2012.217.
- C.-L. Lee, T.-H. Yang, A flexible pattern-matching algorithm for network intrusion detection systems using multi-core processors, Algorithms 10 (2), 58, 2017. https://doi.org/10.3390/a10020058.
- CUDA C PROGRAMMING GUIDE , https://docs.nvidia.com/cuda/archive/9.1/pdf/CUDA_C_Programming_Guide.pdf, Accessed 3 October 2022.
- R. Smith, N. Goyal, J. Ormont, K. Sankaralingam, C. Estan, Evaluating gpus for network packet signature matching, in: 2009 IEEE International Symposium on Performance Analysis of Systems and Software, IEEE, pp. 175–184, 2009.
- M. Ramesh, Network traffic anomaly-detection framework using gpus, Ph.D. thesis, San Jose State University, 2017.
- X. d. C. de Carnavalet, P. C. van Oorschot, A survey and analysis of tls interception mechanisms and motivations, arXivpreprint arXiv:2010.16388.
- K. Moriarty, A. Morton, Effects of pervasive encryption on operators, draft-mm-wg-effect-encrypt-25 (work in progress).
- K. Bhargavan, I. Boureanu, A. Delignat-Lavaud, P.-A. Fouque, C. Onete, A formal treatment of accountable proxying over tls, in: 2018 IEEE Symposium on Security and Privacy (SP), IEEE, pp. 799–816, 2018.
- C. Lan, J. Sherry, R. A. Popa, S. Ratnasamy, Z. Liu, Embark: Securely outsourcing middleboxes to the cloud, in: 13th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 16), 2016, pp. 255–273.
- G. S. Poh, D. M. Divakaran, H. W. Lim, J. Ning, A. Desai, A survey of privacy-preserving techniques for encrypted traffic inspection over network middleboxes, arXiv preprint arXiv:2101.04338.
- L. S. Huang, A. Rice, E. Ellingsen, C. Jackson, Analyzing forged ssl certificates in the wild, in: 2014 IEEE Symposium on Security and Privacy, IEEE, pp. 83–97, 2014.
- J. Ning, G. S. Poh, J.-C. Loh, J. Chia, E.-C. Chang, Privdpi: Privacy-preserving encrypted traffic inspection with reusable obfuscated rules, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1657–1670, 2019.
- X. de Carn´e de Carnavalet, M. Mannan, Killed by proxy: analyzing client-end tls interception software https://doi.org/10.3390/a10020058.
- Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N. Sullivan, E. Bursztein, M. Bailey, J. A. Halderman, V. Paxson, The security impact of https interception., in: NDSS, 2017.
- L. Waked, M. Mannan, A. Youssef, To intercept or not to intercept: Analyzing tls interception in network appliances, in: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 399–412, 2018.
- MitMProxy, https://mitmproxy.org/, Accessed 3 October 2022.
- SSLSpit, https://www.roe.ch/, Accessed 3 October 2022.
- J. Sherry, C. Lan, R. A. Popa, S. Ratnasamy, Blindbox: Deep packet inspection over encrypted traffic, in: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213–226, 2015.
- S. Canard, A. Diop, N. Kheir, M. Paindavoine, M. Sabt, Blindids: Market-compliant and privacy-friendly intrusion detection system over encrypted traffic, in: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 561–574, 2017.
- T. Fuhr, P. Paillier, Decryptable searchable encryption, in: International Conference on Provable Security, Springer, pp. 228–236, 2007.
- J. Fan, C. Guan, K. Ren, Y. Cui, C. Qiao, Spabox: Safeguarding privacy during deep packet inspection at a middlebox, IEEE/ACM Transactions on Networking 25 (6), 3753–3766, 2017. https://doi.org/10.1109/TNET.2017.2753044.
- J. Ning, X. Huang, G. S. Poh, S. Xu, J.-C. Loh, J. Weng, R. H. Deng, Pine: Enabling privacy-preserving deep packet inspection on tls with rule-hiding and fast connection establishment, in: European Symposium on Research in Computer Security, Springer, pp. 3–22, 2020.
- H. Ren, H. Li, D. Liu, G. Xu, N. Cheng, X. S. Shen, Privacy-preserving efficient verifiable deep packet inspection for cloud-assisted middlebox, IEEE Transactions on Cloud Computing. https://doi.org/10.1109/TCC.2020.2991167.
- H. J. Asghar, L. Melis, C. Soldani, E. De Cristofaro, M. A. Kaafar, L. Mathy, Splitbox: Toward efficient private network function virtualization, in: Proceedings of the 2016 workshop on Hot topics in Middleboxes and Network Function Virtualization, pp. 7–13, 2016.
- S. Lai, S. Patranabis, A. Sakzad, J. K. Liu, D. Mukhopadhyay, R. Steinfeld, S.-F. Sun, D. Liu, C. Zuo, Result pattern hiding searchable encryption for conjunctive queries, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 745–762, 2018.
- D. Naylor, K. Schomp, M. Varvello, I. Leontiadis, J. Blackburn, D. R. L´opez, K. Papagiannaki, P. Rodriguez Rodriguez, P. Steenkiste, Multi-context tls (mctls) enabling secure in-network functionality in tls, ACM SIGCOMM Computer Communication Review 45 (4), 199–212, 2015. https://doi.org/10.1145/2829988.2787482.
- D. Naylor, R. Li, C. Gkantsidis, T. Karagiannis, P. Steenkiste, And then there were more: Secure communication for more than two parties, in: Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies, pp. 88–100, 2017.
- H. Lee, Z. Smith, J. Lim, G. Choi, S. Chun, T. Chung, T. T. Kwon, matls: How to make tls middlebox-aware?, in: NDSS, 2019.
- D. Goltzsche, S. R¨usch, M. Nieke, S. Vaucher, N. Weichbrodt, V. Schiavoni, P.-L. Aublin, P. Cosa, C. Fetzer, P. Felber, et al., Endbox: Scalable middlebox functions using client-side trusted execution, in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), IEEE, pp. 386–397, 2018.
- Perl Compatible Regular Expressions Library (PCRE2), https://ftp.pcre.org/pub/pcre/, Accessed 3 October 2022.
- N. D. Matsakis, F. S. Klock, The rust language, ACM SIGAda Ada Letters 34 (3), 103–104, 2014. https://doi. org/10.1145/2692956.2663188.
- D. Kuvaiskii, O. Oleksenko, S. Arnautov, B. Trach, P. Bhatotia, P. Felber, C. Fetzer, Sgxbounds: Memory safety for shielded execution, in: Proceedings of the Twelfth European Conference on Computer Systems, pp. 205–221, 2017.
- L. Szekeres, M. Payer, T. Wei, D. Song, Sok: Eternal war in memory, in: 2013 IEEE Symposium on Security and Privacy, IEEE, pp. 48–62, 2013.
- R. Poddar, C. Lan, R. A. Popa, S. Ratnasamy, Safebricks: Shielding network functions in the cloud, in: 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18), pp. 201–216, 2018.
- B. Trach, A. Krohmer, F. Gregor, S. Arnautov, P. Bhatotia, C. Fetzer, Shieldbox: Secure middleboxes using shielded execution, in: Proceedings of the Symposium on SDN Research, pp. 1–14, 2018.
- S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, D. O’keeffe, M. L. Stillwell, et al., {SCONE}: Secure linux containers with intel {SGX}, in: 12th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 16), pp. 689–703, 2016.
- hyperscan, https://www.hyperscan.io/, Accessed 3 October 2022.
- J. M. Sherry, Middleboxes as a cloud service, Ph.D. thesis, UC Berkeley, 2016.
- Y. Lindell, The security of intel sgx for key protection and data privacy applications.
- D. Cash, P. Grubbs, J. Perry, T. Ristenpart, Leakage-abuse attacks against searchable encryption, in: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 668–679, 2015.
- G. Kellaris, G. Kollios, K. Nissim, A. O’neill, Generic attacks on secure outsourced databases, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1329–1340, 2016.
- M. S. Islam, M. Kuzu, M. Kantarcioglu, Access pattern disclosure on searchable encryption: ramification, attack and mitigation., in: Ndss, Vol. 20, Citeseer, p. 12, 2012.
- J. Ning, J. Xu, K. Liang, F. Zhang, E.-C. Chang, Passive attacks against searchable encryption, IEEE Transactions on Information Forensics and Security 14 (3), 789–802, 2018. https://doi.org/10.1109/TIFS.2018.2866321.
- Cisco Encrypted Traffic Analytics White Paper, https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.html, Accessed 3 October 2022.
- S. Hajiheidari, K. Wakil, M. Badri, N. J. Navimipour, Intrusion detection systems in the internet of things: A comprehensive investigation, Computer Networks 160, 165–191, 2019. https://doi.org/10.1016/j.comnet.2019.05.014.
- C. Birkinshaw, E. Rouka, V. G. Vassilakis, Implementing an intrusion detection and prevention system using softwaredefined networking: Defending against port-scanning and denial-of-service attacks, Journal of Network and Computer Applications 136, 71–85, 2019. https://doi.org/10.1016/j.jnca.2019.03.005.
- H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, K.-Y. Tung, Intrusion detection system: A comprehensive review, Journal of Network and Computer Applications 36 (1), 16–24, 2013. https://doi.org/10.1016/j.jnca.2012.09.004.
- S. Raza, L. Wallgren, T. Voigt, Svelte: Real-time intrusion detection in the internet of things, Ad hoc networks 11 (8), 2661–2674, 2013. https://doi.org/10.1016/j.adhoc.2013.04.014.
- H. Sedjelmaci, S. M. Senouci, M. Al-Bahri, A lightweight anomaly detection technique for low-resource iot devices: A game-theoretic methodology, in: 2016 IEEE international conference on communications (ICC), IEEE, pp. 1–6, 2016.
- R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, S. Zhou, Specification-based anomaly detection: a new approach for detecting network intrusions, in: Proceedings of the 9th ACM conference on Computer and communications security, pp. 265–274, 2002.
- S. Demirci, M. Demirci, S. Sagiroglu, Virtual security functions and their placement in software defined networks: A survey, Gazi University Journal of Science 32 (3), 833–851, 2019. https://doi.org/10.35378/gujs.422000.
- B. A. A. Nunes, M. Mendonca, X.-N. Nguyen, K. Obraczka, T. Turletti, A survey of software-defined networking: Past, present, and future of programmable networks, IEEE Communications surveys & tutorials 16 (3), 1617–1634, 2014. https://doi.org/10.1109/SURV.2014.012214.00180.
- B. Han, V. Gopalakrishnan, L. Ji, S. Lee, Network function virtualization: Challenges and opportunities for innovations, IEEE Communications Magazine 53 (2), 90–97, 2015. https://doi.org/10.1109/MCOM.2015.7045396.
- G.Wang, T. E. Ng, The impact of virtualization on network performance of amazon ec2 data center, in: 2010 Proceedings IEEE INFOCOM, IEEE, pp. 1–9, 2010.
- S. Scott-Hayward, S. Natarajan, S. Sezer, A survey of security in software defined networks, IEEE Communications Surveys & Tutorials 18 (1), 623–654, 2015. https://doi.org/10.1109/COMST.2015.2453114.
- J. C. C. Chica, J. C. Imbachi, J. F. B. Vega, Security in sdn: A comprehensive survey, Journal of Network and Computer Applications 159, 102595, 2020. https://doi.org/10.1016/j.jnca.2020.102595.
- L. Schehlmann, S. Abt, H. Baier, Blessing or curse? revisiting security aspects of software-defined networking, in: 10th International Conference on Network and Service Management (CNSM) and Workshop, IEEE, pp. 382–387, 2014.
- M. Liyanage, M. Ylianttila, A. Gurtov, Securing the control channel of software-defined mobile networks, in: Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014, IEEE, pp. 1–6, 2014.
- Y. Jarraya, A. Shameli-Sendi, M. Pourzandi, M. Cheriet, Multistage ocdo: Scalable security provisioning optimization in sdn-based cloud, in: 2015 IEEE 8th International Conference on Cloud Computing, IEEE, pp. 572–579, 2015.
- M. Sainz, I. Garitano, M. Iturbe, U. Zurutuza, Deep packet inspection for intelligent intrusion detection in softwaredefined industrial networks: A proof of concept, Logic Journal of the IGPL 28 (4), 461–472, 2020.
- A. Bremler-Barr, Y. Harchol, D. Hay, Y. Koral, Deep packet inspection as a service, in: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp. 271–282, 2014.
- Y. Li, R. Fu, An parallelized deep packet inspection design in software defined network, in: Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, IEEE, pp. 6–10, 2014.
- A. Abubakar, B. Pranggono, Machine learning based intrusion detection system for software defined networks, in: 2017 seventh international conference on emerging security technologies (EST), IEEE, pp. 138–143, 2017.
- C. Yu, J. Lan, J. Xie, Y. Hu, Qos-aware traffic classification architecture using machine learning and deep packet inspection in sdns, Procedia computer science 131, 1209–1216, 2018. https://doi.org/10.1016/j.procs.2018.04.331.
- M. Bouet, J. Leguay, V. Conan, Cost-based placement of virtualized deep packet inspection functions in sdn, in: MILCOM 2013-2013 IEEE Military Communications Conference, IEEE, pp. 992–997, 2013.
- M. Bouet, J. Leguay, T. Combe, V. Conan, Cost-based placement of vdpi functions in nfv infrastructures, International Journal of Network Management 25 (6), 490–506, 2015. https://doi.org/10.1002/nem.1920.
- J. Kim, J. Lee, J. Kim, J. Yun, M2m service platforms: Survey, issues, and enabling technologies, IEEE Communications Surveys & Tutorials 16 (1), 61–76, 2013. https://doi.org/10.1109/SURV.2013.100713.00203
- H. Yao, P. Gao, J. Wang, P. Zhang, C. Jiang, Z. Han, Capsule network assisted iot traffic classification mechanism for smart cities, IEEE Internet of Things Journal 6 (5), 7515–7525, 2019. https://doi.org/10.1109/JIOT.2019.2901348.
- E. Bertino, N. Islam, Botnets and internet of things security, Computer 50 (2), 76–79, 2017. https://doi.org/10.1109/MC.2017.62.
- M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, et al., Understanding the mirai botnet, in: 26th {USENIX} security symposium ({USENIX} Security 17), pp. 1093–1110, 2017.
- Y. Zhang, N. Meratnia, P. Havinga, Outlier detection techniques for wireless sensor networks: A survey, IEEE communications surveys & tutorials 12 (2), 159–170, 2010. https://doi.org/10.1109/SURV.2010.021510.00088.
- J. Wang, Q. Kuang, S. Duan, A new online anomaly learning and detection for large-scale service of internet of thing, Personal and Ubiquitous Computing 19 (7), 1021–1031, 2015.
- H. Sun, X. Wang, R. Buyya, J. Su, Cloudeyes: Cloud-based malware detection with reversible sketch for resourceconstrained internet of things (iot) devices, Software: Practice and Experience 47 (3), 421–441, 2017. https://doi.org/10.1002/spe.2420.
- D. Oh, D. Kim, W. W. Ro, A malicious pattern detection engine for embedded security systems in the internet of things, Sensors 14 (12), 24188–24211, 2014. https://doi.org/10.3390/s141224188.
- S. O. Amin, M. S. Siddiqui, C. S. Hong, J. Choe, A novel coding scheme to implement signature based ids in ip based sensor networks, in: 2009 IFIP/IEEE International Symposium on Integrated Network Management-Workshops, IEEE, pp. 269–274, 2009.
- H. Sedjelmaci, S. M. Senouci, T. Taleb, An accurate security game for low-resource iot devices, IEEE Transactions on Vehicular Technology 66 (10), 9381–9393, 2017. https://doi.org/10.1109/TVT.2017.2701551.
- D. Midi, A. Rullo, A. Mudgerikar, E. Bertino, Kalis—a system for knowledge-driven adaptable intrusion detection for the internet of things, in: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, pp. 656–666, 2017.
- Y. Lee, Y. Lee, Toward scalable internet traffic measurement and analysis with hadoop, ACM SIGCOMM Computer Communication Review 43 (1), 5–13, 2012. https://doi.org/10.1145/2427036.2427038.
- M. Wullink, G. C. Moura, M. M¨uller, C. Hesselman, Entrada: A high-performance network traffic data streaming warehouse, in: NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, pp. 913-918, 2016.
- C. Orsini, A. King, D. Giordano, V. Giotsas, A. Dainotti, Bgpstream: a software framework for live and historical bgp data analysis, in: Proceedings of the 2016 Internet Measurement Conference, pp. 429–444, 2016.
- M. Becchi, M. Franklin, P. Crowley, A workload for evaluating deep packet inspection architectures, in: 2008 IEEE International Symposium on Workload Characterization, IEEE, pp. 79–89, 2008.
- F. Schneider, J. Wallerich, A. Feldmann, Packet capture in 10-gigabit ethernet environments using contemporary commodity hardware, in: International Conference on Passive and Active Network Measurement, Springer, pp. 207–217, 2007.