| In the information-based society, network is increasingly in dependence, and application layer protocols are emerging in endlessly. These entire make the network status is becoming more and more complex, network security management is faced with more challenges. Deep packet inspection technology, as one of the methods of network management, can help the internet service providers to analyze the type of frequently used network application layer protocol. According to the results of DPI the internet service providers can allocate the network bandwidth resources reasonably, improve the efficiency of network operation, and provide users with high-quality services. The biggest challenge to deep packet inspection is its nature to the safety of users’ privacy, since it claims to require some or all of the packet payloads. This paper proposes Privacy aware Deep Packet Inspection technology(PaDPI) to deal with the security problem of users’ privacy of the Deep Packet Inspection technology.Privacy aware Deep Packet Inspection is based on the vision that limited length of packet payloads on selected positions can be truncated, while not violating users’ privacy on contents, and can also gain high accuracy on truncated payloads for most of protocols. Compare with the conventional deep packet inspection, the innovative points of Privacy aware Deep Packet Inspection as follows:1. We classify the privacy of packet payload into five levels according to specific applications. According to the pattern and characteristics of the application layer protocols, different levels of privacy and the maximum safety depth of L3 privacy are observed and defined within packet payloads.2. PaDPI add the preprocessing operations. The preprocessing operations propose some schemes to truncate network packets by using privacy indicators and the maximum safety depth of L3 privacy of the special protocols. The schemes of the preprocessing operations are truncating packets in the front, truncating the front and rear of the packet payloads, and truncating selected positions in the payloads. The preprocessing operations are in order to identify application protocols on truncated network packets while not violating users’ privacy.3. Using the improved regular expression library. We design and realize a privacy aware deep packet inspection system based on PaDPI. In order to evaluate the versatility and usability, the system use the improved regular expression based on L7-filter system to identify application layer protocols.We design and realize privacy aware deep packet inspection system based on PaDPI, and evaluated proposed approaches using real network trace on 12 widely used application protocols. The results on real network trace show that truncating packet payloads with 8 bytes in the front and 5 bytes in the rear can commonly protect most of applications in the third level of privacy and preserve a possibility to identify applications with an accurate of more than 80%. Privacy aware Deep Packet Inspection offers a new idea for the network security management. How to make Privacy aware Deep Packet Inspection is suitable for more application layer protocols is the main problem of the further research. |
PDF Full Text Request