Leveraging Traffic Repetitions for High-Speed Deep Packet Inspection

Anat Bremler-Barr, David Hay, Yotam Harchol, Shimrit Tzur David
Conferences & Workshops
Deep Packet Inspection (DPI)


Deep Packet Inspection (DPI) plays a major role in contemporary networks. Specifically, in datacenters of content providers, the scanned data may be highly repetitive. Most DPI engines are based on identifying signatures in the packet payload. This pattern matching process is expensive both in memory and CPU resources, and thus, often becomes the bottleneck of the entire application.
In this paper we show how DPI can be accelerated by leveraging repetitions in the inspected traffic. Our new mechanism makes use of these repetitions to allow the repeated data to be skipped rather than scanned again. The mechanism consists of a slow path, in which frequently repeated strings are identified and stored in a dictionary, along with some succinct information for accelerating the DPI process, and a data path, where the traffic is scanned byte by byte but strings from the dictionary, if encountered, are skipped. Upon skipping, the data path recovers to the state it would have been in had the scanning continued byte by byte.
Our solution achieves a significant performance boost, especially when data is from the same content source (e.g., the same website). Our experiments show that for such cases, our solution achieves a throughput gain of 1.25 − 2.5 times the original throughput, when implemented in software.

  author={Bremler-Barr, Anat and David, Shimrit Tzur and Harchol, Yotam and Hay, David},
  booktitle={2015 IEEE Conference on Computer Communications (INFOCOM)}, 
  title={Leveraging traffic repetitions for high-speed deep packet inspection},