Deep packet inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each packet and comparing them to a known set of patterns. DPI is often performed on the critical path of packet processing, so the overall performance of these security tools is dominated by the speed of DPI.
Traditionally, DPI considered only exact string patterns. However, in modern network devices patterns are often represented by regular expressions due to their superior expressiveness. Matching both exact strings and regular expressions is a well-studied area in Computer Science; however, none of the well-known solutions is sufficient for current network demands. First, current solutions do not scale in terms of speed, memory and power requirements. While current network devices work at 10-100 Gbps and have thousands of patterns, traditional solutions suffer from an exponential memory size or exponential time and induce prohibitive power consumption. Second, non-clear-text traffic, such as compressed traffic, has become a dominant portion of Internet traffic and is clearly harder to inspect. Finally, the resilience of the matching algorithm to various attacks is a mandatory requirement of the system; this major concern was not considered traditionally, and most prior-art algorithms are not secure.
At the DEEPNESS Lab we design new algorithms and schemes that cope with today’s demands. This is an evolving area in both academia and industry, where there is currently no adequate solution. Our current projects deal with the most advanced technologies in the area, such as the use and implementation of Ternary Content Addressable Memories in networks, green networking, network survivability and Internet performance, with respect to both efficiency and security.
This project is funded by an ERC Starting Grant project led by Anat Bremler-Barr in the Computer Science School of the Interdisciplinary Center Herzliya, Israel.
Our open-source projects are available on GitHub.