Abstract
As a major approach for a network security system to discover threats or forensics, DPI (Deep Packet Inspection) technique is widely used in monitoring network flow. With the rapid development of Internet bandwidth, DPI system is facing more and more challenges on performance. One of these challenges is that out-of-sequence packets in TCP transmission will greatly affect memory consumption and data-recall. For a large scale DPI system, each DPI node has to monitor a huge amount of TCP session. It will consume too many resources to allocate plenty of space for storing all out-of-sequence packets. Meanwhile, insufficient space for buffer results in dropping packets and thus unable to reassemble network flow. We analyze the out-of-sequence characteristic of different Internet flow, and implement a dynamic strategy to cache out-of-sequence packet, which provide a more flexible way to keep track of the sessions. Experiment shows that based on the new strategy, a DPI system can greatly improve the completeness of data recall with little extra consumption of space.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Paxson, V.: Automated Packet Trace Analysis of TCP Implementations. In: Proceedings of the 1997 SIGCOMM Conference, Cannes, France, pp. 167–179 (September 1997)
Jaiswal, S., Iannaccone, G., Diot, C., Kurose, J., Towsley, D.: Measurement and Classification of Out-of-Sequence Packets in a Tier-1 IP Backbone. IEEE IEEE/ACM Transactions on Networking 15(1) ( February 2007)
Xu, K., Li, Y., et al.: line speed deep packet detecting techniques on high speed link. 徐克付,李阳等,高速网络线速深度分组检测技术,信息技术快报 9(3) (May 2011)
Semke, J., et al.: Automatic TCP Buffer Tuning
Amit, S., Jaggi, M.: (Sunnyvale, CA, US) , Buffer allocation using probability of dropping unordered segments
Fisk, M., Varghese, G.: Fast content-based packet handling for intrusion detection. Technical Report CS2001-0670, Department of Computer Science, University of California, SanDiego (May)
Bennett, J.C.R., Partridge, C., Shectman, N.: Packet Reorder Is Not Pathological Network Behavior. IEEE/ACM Trans. Net. 7(6) (December 1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Q., Feng, W., Dai, Q. (2013). A Dynamic Strategy to Cache Out-of-Sequence Packet in DPI System. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2012. Communications in Computer and Information Science, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35795-4_71
Download citation
DOI: https://doi.org/10.1007/978-3-642-35795-4_71
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35794-7
Online ISBN: 978-3-642-35795-4
eBook Packages: Computer ScienceComputer Science (R0)