A Service-oriented Deep Packet Inspection (DPI) based Architecture for Network Analysis and Monitoring

Abstract

A variety of web based applications, mobile apps and other Over the Top (OTT) data services with affordable 3G/4G enabled smart devices are major factors for an enormous increase in heterogeneous data traffic at enterprise and mobile networks. This creates challenges regarding traffic management and requires traffic-aware intelligent network management to deliver sustained quality of experience (QoE) for subscribers. Deep Packet Inspection and Analysis (DPIA) provides a base platform for development of traffic-aware intelligent network management and security systems like IDS, IPS, traffic management, Copyright Enforcement, Lawful Interception, Layer 7 Firewalls, application aware load-balancers, Leakage prevention systems and QoE/QoS measurement systems. However, computationally complex DPIA-related packet processing for high speed data traffic makes these systems expensive. Furthermore, conventionally these traffic-aware network management and security systems are deployed in enterprise networks with independent and dedicated DPIA-related processing resources and require multiple copies of passively provisioned high speed data from the network, while performing similar DPIA operations over the same data again and again. This duplicate deployment of expensive software and hardware resources for DPIA processing eventually results in higher capital expenditures (CAPEX) as well as operational expenditures (OPEX) for network operators. Based on the observations mentioned above, a shared DPIA-based network measurement, analysis and monitoring framework with heterogeneous services is required that could be configured as per feature requirements and should be deployed iv in a shared service mode to cut CAPEX/OPEX and make network operations tasks simpler. This thesis contributes in this active research area and proposes a novel service-oriented framework for heterogeneous Deep Packet Inspection and Analysis that simultaneously provides diversified DPIA services to multiple client applications for network management and security operations in high speed networks. The proposed framework is based on a service oriented approach with incorporation of state of the art implementations of multiple DPIA components and providing an abstraction for all DPIA related details. This novel framework provides a flexible and comprehensive API-based service interface for client applications to register any required DPIA services. The framework implementation is based on commodity hardware and it deploys a shared set of DPIA related packet processing components, requiring only a single copy of passive data provisioned from network. Experimental evaluations show that the novel framework requires a considerably reduced amount of software and hardware resources to fulfill heterogeneous DPIA packet processing requirements for multiple client applications in comparison to conventional network management and security applications with dedicated DPIA components that results in lower cost impacts for network operators with more network manageability.