
Title: Networked-based Cyber Analysis using Deep Packet Inspection (DPI) for High-Speed Networks

Technical Report · DOI: https://doi.org/10.2172/1863848 · OSTI ID: 1863848
 [1];  [2];  [3];  [2];  [1]
  1. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
  2. Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
  3. Sandia National Lab. (SNL-CA), Livermore, CA (United States)

Today’s networked systems utilize advanced security components such as Next Generation Firewalls (NGFW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and methods for network traffic classification. A fundamental aspect of these security components and methods is network packet visibility and packet inspection. The compute mechanism these components and methods use to achieve packet visibility is Deep Packet Inspection (DPI). DPI obtains visibility into packet fields by looking deeper inside packets, beyond just IP address, port, and protocol. However, DPI is considered extremely expensive in terms of compute processing costs and very challenging to implement on high-speed network systems. The fundamental scientific paradigm addressed in this research project is the application of greater network packet visibility and packet inspection at data rates greater than 40 Gbps to secure computer network systems. The greater visibility and inspection will enable detection of advanced content-based threats that exploit application vulnerabilities and are designed to bypass traditional security approaches such as firewalls and antivirus scanners. Greater visibility and inspection are achieved through identification of the application protocol (e.g., HTTP, SMTP, Skype) and, in some cases, extraction and processing of the information contained in the packet payload. Analysis is then performed on the resulting DPI data to identify potentially malicious behavior. To obtain visibility into, and inspect, the application protocol and contents at high-speed data rates, advanced DPI technologies and implementations are developed.

Research Organization:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Sandia National Laboratories, SNL California
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); USDOE Laboratory Directed Research and Development (LDRD) Program
DOE Contract Number:
NA0003525
OSTI ID:
1863848
Report Number(s):
SAND2019-13774; 705224
Country of Publication:
United States
Language:
English
