Faster online DPI inspection
Categories: Computer Science & Engineering, Web Technologies, Internet Security
Development Stage: Proof of concept – algorithm complete but not yet implemented
Patent Status: Patent application filed in the United States
Highlights
- Network security requires the inspection of data packets for protocol non-compliance, viruses, spam, intrusions, or other predefined security-linked criteria.
- This inspection is usually carried out by a network device performing Deep Packet Inspection (DPI) on each packet.
- DPI consists of inspecting both the packet header and the payload, and alerting when signatures of malicious software, identified through pattern matching algorithms, appear in the traffic.
- To save bandwidth and speed up web browsing, most major sites use traffic compression, which poses a challenge for performing DPI.
Our Innovation
A novel pattern matching algorithm that inspects Shared Dictionary Compression over HTTP (SDCH)-compressed traffic without the need for decompression.
Key Features
- The algorithm operates in two phases: the offline phase and the online phase.
- The offline phase starts when the device gets the dictionary.
- The offline phase consists of inspecting the shared dictionary common to all SDCH-compressed traffic.
- In the offline phase, auxiliary information is marked to speed up the online DPI inspection.
- The delta file, which is unique to each compressed file, is scanned online upon receipt.
- The system skips up to 99% of the referenced data and gains up to 56% improvement in the performance of the multi-pattern matching algorithm compared with scanning the plain text directly. That is, it works almost at the rate of the compressed traffic, implying a speed gain of SDCH's compression ratio.
- Low memory footprint, so the algorithm can be easily deployed in current environments.
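A simplified sketch of the two-phase idea described above, added here as an illustration; it is not the patented algorithm or code from its authors. It assumes a delta reduced to ADD and COPY-from-dictionary instructions (no real VCDIFF parsing), a naive search standing in for the multi-pattern matcher, and constructed sample patterns, dictionary and delta.

```python
import bisect

def find_all(patterns, data):
    """Naive multi-pattern search, standing in for an engine such as Aho-Corasick."""
    hits = []
    for p in patterns:
        i = data.find(p)
        while i != -1:
            hits.append((i, p))
            i = data.find(p, i + 1)
    return sorted(hits)

def scan_delta(patterns, dictionary, dict_hits, delta):
    """Online phase: returns (sorted (stream_pos, pattern) matches, bytes scanned)."""
    k = max(len(p) for p in patterns) - 1  # furthest a match can reach across a boundary
    starts = [s for s, _ in dict_hits]
    tail, pos, matches, scanned = b"", 0, [], 0
    for ins in delta:
        if ins[0] == "ADD":
            head = last = ins[1]
            length = len(head)
        else:
            _, off, length = ins
            head = dictionary[off:off + min(length, k)]   # only the first k bytes are scanned
            last = dictionary[off + max(0, length - k):off + length]
            # Matches lying wholly inside the copied range come from the offline index.
            for s, p in dict_hits[bisect.bisect_left(starts, off):]:
                if s >= off + length:
                    break
                if s + len(p) <= off + length:
                    matches.append((pos + s - off, p))
        window = tail + head
        scanned += len(head)
        for i, p in find_all(patterns, window):
            crosses = i < len(tail) < i + len(p)          # straddles the instruction boundary
            if crosses or (ins[0] == "ADD" and i >= len(tail)):
                matches.append((pos - len(tail) + i, p))
        joined = tail + last
        tail = joined[max(0, len(joined) - k):]           # keep the last k bytes of the stream
        pos += length
    return sorted(matches), scanned

# Constructed sample data (not real signatures or traffic).
PATTERNS = [b"BADSIG", b"XYZZY"]
DICTIONARY = b"<html><body><div id='nav'>home</div>BADSIG<p>footer text here</p>ZZY-end"
DICT_HITS = find_all(PATTERNS, DICTIONARY)                # offline phase, once per dictionary
DELTA = [("COPY", 0, 45), ("ADD", b"fresh XY"),
         ("COPY", DICTIONARY.index(b"ZZY"), 7),           # completes XYZZY across a boundary
         ("COPY", DICTIONARY.index(b"BADSIG") + 2, 10)]   # partial copy: must not match
```

On the sample, the online phase reads 23 of the 70 decoded bytes and still reports both matches, including the one that straddles an ADD/COPY boundary.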
Development Milestones
- Seeking industrial cooperation to implement the system
The Opportunity
- The algorithm can run within a security tool that performs DPI, deployed with a pattern matching algorithm.
- It can run in a single-user environment, such as a PC, tablet, or cellular phone.