Understanding the Network Traffic Constraints for Deep Packet Inspection by Passive Measurement

刘军  郑超  郭莉  刘学利  陆秋文 



The Deep Packet Inspection (DPI) system examines each captured network packet to find malicious events. The quality of the network traffic, in aspects such as traffic integrity and asymmetric routing, sets an upper limit on a DPI system's functionality. To better understand these constraints on a DPI system, we set up a series of indicators to quantify these factors. These indicators can be classified as basic information (e.g. average packet sizes), link stability (e.g. number of out-of-order packets), connection integrity (e.g. number of missing packets) and asymmetric routing (e.g. one-way flows). There are two challenges in measuring these indicators on real network traffic. The first is how to measure these indicators on high-speed traffic with limited resources. The second is how to track TCP flows across multiple inspection points. We tackle these problems with a scalable passive measurement system, which adopts a fast packet I/O technique to capture network traffic and Spark to process the collected data. To prove its practicability, we deploy the system in a carrier-grade network that has six data centers. We have found that 1) over 90% of TCP SYN packets have no subsequent data packet, 2) over 90% of TCP flows are asymmetric, unordered or retransmitted, and 3) over 80% of TCP flows have a round-trip time of less than 400 ms.
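The indicator classes named in the abstract can be illustrated with a small added example, which is not code from the paper or its measurement system. The record layout, function names and sample packets are assumptions constructed here; the logic covers a single inspection point and ignores sequence-number wraparound.

```python
from collections import defaultdict

# Constructed sample records, as one inspection point might export them:
# (src, sport, dst, dport, tcp_flags, seq, payload_len)
PACKETS = [
    ("10.0.0.1", 40001, "192.0.2.10", 80, "S", 1000, 0),    # flow A: lone SYN
    ("10.0.0.2", 40002, "192.0.2.10", 80, "S", 5000, 0),    # flow B: both directions
    ("192.0.2.10", 80, "10.0.0.2", 40002, "SA", 9000, 0),
    ("10.0.0.2", 40002, "192.0.2.10", 80, "A", 5001, 100),
    ("10.0.0.2", 40002, "192.0.2.10", 80, "A", 5201, 100),  # arrives early
    ("10.0.0.2", 40002, "192.0.2.10", 80, "A", 5101, 100),  # out of order
    ("10.0.0.2", 40002, "192.0.2.10", 80, "A", 5101, 100),  # retransmission
    ("10.0.0.3", 40003, "192.0.2.10", 80, "A", 7001, 50),   # flow C: one-way data
]

def flow_indicators(packets):
    """Per-flow indicators (hypothetical helper); no seq wraparound handling."""
    flows = defaultdict(lambda: {"dirs": {}, "syn": False, "data": 0,
                                 "out_of_order": 0, "retransmitted": 0})
    for src, sport, dst, dport, flags, seq, plen in packets:
        a, b = (src, sport), (dst, dport)
        key = (min(a, b), max(a, b))           # same key for both directions
        f = flows[key]
        d = f["dirs"].setdefault(a, {"seen": set(), "max_end": None})
        if "S" in flags:
            f["syn"] = True
        if plen == 0:
            continue                           # only data segments below
        f["data"] += 1
        if (seq, plen) in d["seen"]:
            f["retransmitted"] += 1            # identical segment seen again
        elif d["max_end"] is not None and seq < d["max_end"]:
            f["out_of_order"] += 1             # arrived after later data
        d["seen"].add((seq, plen))
        d["max_end"] = max(d["max_end"] or 0, seq + plen)
    return flows

def summarize(packets):
    flows = flow_indicators(packets).values()
    return {
        "flows": len(flows),
        "one_way": sum(len(f["dirs"]) == 1 for f in flows),
        "syn_without_data": sum(f["syn"] and f["data"] == 0 for f in flows),
        "out_of_order": sum(f["out_of_order"] for f in flows),
        "retransmitted": sum(f["retransmitted"] for f in flows),
    }
```

A flow that looks one-way at a single inspection point may simply have its return path routed through another one, which is why the abstract lists cross-point flow tracking as a separate challenge.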



