Deev K. The study of networking interactions by using deep packet inspection system


Thesis for the degree of Candidate of Sciences (CSc)

State registration number

0419U000145

Applicant for

Specialization

  • 05.13.05 - Computer systems and components

26-12-2018

Specialized Academic Board

К 73.052.04

Cherkasy State Technological University

Abstract

The thesis introduces models for representing peer-to-peer network interactions and methods for analyzing IP packet headers and payloads. This area has already been heavily investigated by many researchers; however, a few questions remain open. As the Internet grows and becomes more popular, the number of concurrent data flows increases, which is reflected in the amount of bandwidth requested and should be analyzed accordingly. This work offers methods for identifying the network activity of peer-to-peer applications so that it can subsequently be classified and allocated to a separate service class. Once classified, such interactions make it possible to implement a flexible charging policy in a service-provider network. That should considerably improve the user experience and lower the overall load on backbone infrastructure links. Service providers and corporate customers need the ability to identify peer-to-peer interactions, because these are generally not directly related to the workflow and lead to premature exhaustion of the available bandwidth of external links. The thesis presents the principles for building a system that searches for peer-to-peer interactions in live network traffic and then places such conversations into a previously marked QoS class with bandwidth constraints. Implementing the created models and methods in software has significantly increased the efficiency of the services provided. To ensure high-quality service for all subscribers, it is desirable to create a system that identifies such flows based on classes of service with different priorities. The system was tested in specific segments of a service provider's distributed networks, and the tests showed that optimal policies for managing network traffic considerably simplify the management of a complex setup.

With a consistently increasing number of packets per second to be inspected, analysis using standard server hardware-based solutions is challenging, because the load has to be distributed over multiple systems. Therefore, the best way is to use a special software-defined complex rather than hardware implementations. The software distributes the load inside the complex using, in particular, the principles and approaches described in this paper. The throughput of a system configured in this manner was also analyzed. The paper outlines an approach to standardizing and implementing packet payload analysis functions in software platforms according to their representation in the multilevel OSI model. The functional level is determined, and recommendations are given for the optimal placement of the analyzer complex in a service-provider network. The outlined methods and approaches for implementing a flexible network packet classifying system are based on the deep packet inspection technique. The highlighted approach is analyzed, and its benefits are determined in order to approximate the value of the suggested improvements in terms of throughput. Regular expression matching can balance the classified packet payload and could be used for parallel execution on multiple specialized nodes. The possibilities of partially virtualizing individual components of the system in order to increase overall throughput are also considered, and recommendations are provided. The thesis presents a flexible approach to matching network packets via a search engine using relaxed regular expressions for whole network layer headers. Using this mechanism, a combined software and hardware system that might be used as a detector of network anomalies has been created.

Further improvements to the scope of network classification will be based on the created method for identifying application interactions, which is rooted in supervised automated machine learning techniques coupled with specifically composed training data that is publicly available for consideration. The results of the thesis are helpful in terms of practical experience, which can be applied to developing a scalable packet classifying system with a limited budget on a set of available hardware.

Keywords: deep packet inspection, traffic analysis, packet classifying methods, intrusion detection system, network monitoring tools.
