Research On Noise-Abatement Technique Of DPIS In High-Speed Network

The information revolution represented by Internet has greatly changed our manner of working and daily life. It has become an important factor to promote economic development and social progress. But then the growing problem of network security is gravely damaging mores on the Internet, unhealthy information spread crazily with the shelter of normal information, privacy disclosure and online bank theft occurs frequently.Deep packet inspection (DPI) plays a critical and important role in network content analysis and filtering. It has been applied to intrusion detection and intrusion prevention. However, with the growth of network bandwidth and expansion of feature library of scanning, the performance bottlenecks of current deep packet inspection system (DPIS) are already appealing. Research shows that the DPIS is busy performing string matching (or pattern matching), but in WAN environment, there are a great many "noise" traffic which has no payload, these "noise" traffic seriously disturb DPIS.In this paper, we regarded the DPIS based on multi-core parallel architecture as research object. We researched into the classification problem of noise traffic. On the basis of TCP/IP architectural model, we classified them into three categories:network layer noise traffic, transport layer noise traffic and application layer noise traffic, and then analyzed the harm to DPIS. Network layer noise traffic brings about partial overload problem and transport noise traffic gives occasion to session table explosion problem. Comparatively speaking, the impact of application layer noise traffic is less than other two. Hence, we make an in-depth study of noise-abatement technique for network layer noise traffic and transport layer noise traffic. In order to avoid the partial overload, we proposed a self-feedback traffic distributed strategy with filter. To aim at session table explosion problem, a novel three level session table was designed and a hybrid session management policy was implemented. Experimental results shows that the method mentioned in this article can effectively filter "noise" traffic, enhance the robustness of the system, and improve the performance of DPIS.