High Speed Deep Packet Inspection (DPI) Engine
The DPI engine will consist of packet capturing, time stamping, flow processing, traffic classification and semantic analysis components, with data processing capability at multi-10 Gb/s data rates. To develop a high-speed DPI solution, the first requirement is an efficient, high-speed, lossless packet capturing implementation. To address these requirements, research work is required to enhance existing commodity-hardware-based implementations with improvements in NICs, drivers and the operating system network stack to ensure zero packet loss. The packet protocol classification, or protocol identification (PID), process involves processing packet traffic to identify the layer-7 applications of packets. Packet classification is the most critical component of any DPI engine in IP networks, requiring the use of multiple algorithms and techniques to identify the layer-7 application types of network traffic. The application identification and classification part of any DPI-based monitoring framework plays a vital role in the performance of the respective DPI-based Cyber Security applications. Classification algorithms will consist of port-based classification, payload-inspection-based classification, statistical-approach-based classification and multi-classification approaches. Similarly, stream reassembly algorithms are required to fulfill the reassembled data access requirements of multiple DPI applications. They require extensive memory access and computational power to perform exhaustive copying operations and the extraction and merging of payloads for TCP streams, which calls for continuous optimization of reassembly techniques for optimal memory management and packet processing at continuously increasing data rates.
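The following added example (not code from the DPI engine described here) shows why payload-inspection classification depends on stream reassembly, and how a multi-classification step can flag traffic whose payload disagrees with its port. The port table, signatures, function names and sample flow are all constructed for illustration.

```python
import re

# Constructed tables for illustration; a real engine carries far more entries.
PORT_MAP = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # handshake, ClientHello
]

def reassemble(segments, isn):
    """Rebuild the contiguous client byte stream from (seq, payload) segments.

    Tolerates out-of-order arrival, retransmissions and overlaps (bytes already
    delivered win) and stops at the first gap. Sequence wraparound is ignored.
    """
    stream = bytearray()
    next_seq = isn + 1                      # first data byte follows the SYN
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if seq > next_seq:                  # hole: an earlier segment is missing
            break
        skip = next_seq - seq               # prefix that was already delivered
        if skip < len(data):
            stream += data[skip:]
            next_seq = seq + len(data)
    return bytes(stream)

def classify(dst_port, payload):
    """Payload signature first, well-known port as fallback."""
    port_guess = PORT_MAP.get(dst_port, "unknown")
    for app, sig in SIGNATURES:
        if sig.search(payload):
            mismatch = port_guess not in (app, "unknown")
            return {"app": app, "method": "payload", "port_mismatch": mismatch}
    return {"app": port_guess, "method": "port", "port_mismatch": False}

# Constructed flow: an SSH banner sent to port 443, listed in arrival order
# (out of order, one retransmission, one overlapping segment).
ISN = 1000
SEGMENTS = [
    (1013, b"SSH_9.6\r\n"),
    (1001, b"SSH-"),
    (1001, b"SSH-"),
    (1003, b"H-2.0-"),
    (1005, b"2.0-Open"),
]

if __name__ == "__main__":
    print("first packet only:", classify(443, SEGMENTS[0][1]))
    print("reassembled      :", classify(443, reassemble(SEGMENTS, ISN)))
```

Classifying the first packet to arrive falls back to the port table and labels the flow as TLS, while the reassembled stream matches the SSH signature and raises the port mismatch flag.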
The figure depicts the architecture of the DPI engine. This DPI core engine will act as the main platform on which to build other Cyber Security frameworks and applications, as shown in the figure. Indigenous development of the DPI engine will enable local customization and optimization capability to quickly embed the enhancements required to cater to continually increasing data rates at network backbones.
Cyber Security application based on DPI core