${\sf NetDPI}$: Efficient Deep Packet Inspection via Filtering-Plus-Verification in Programmable 5G Data Plane for Multi-Access Edge Computing
Abstract: In this paper, we advocate ${\sf NetDPI}$, a novel and efficient Deep Packet Inspection (DPI) solution built into the 5G data plane for multi-access edge computing, leveraging the unique forwarding-while-computing capability of emerging programmable switches. As the cornerstone, we propose ${\sf FIVE}$, the first Filtering-plus-Verification algorithm tailored to programmable switches to achieve efficient multiple pattern matching (i.e., the core of DPI). Briefly, the filtering phase introduces a multi-window parallel shift-or algorithm to rapidly screen out all the “suspicious” packet payloads. Meanwhile, the verification phase introduces a level-based state encoding scheme for the Aho–Corasick (AC) algorithm, which substantially increases the number of supported patterns and consequently identifies more “guilty” payloads. We implement prototypes of ${\sf NetDPI}$ on both software and hardware programmable switches (i.e., BMv2 and Barefoot Tofino2) and make them publicly available. Extensive evaluations indicate that ${\sf NetDPI}$ provides orders of magnitude improvement in throughput compared to typical cloud-delivered DPI solutions, and that ${\sf FIVE}$ greatly reduces memory consumption compared to alternative in-network exact-match algorithms under a variety of system settings, including different DPI pattern sets and malware-packet percentages.
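The filtering-plus-verification split described in the abstract, as an added sketch that is not the paper's code or the NetDPI prototype: a classical single-window shift-or filter over superimposed pattern prefixes stands in for the multi-window filter, and a direct byte comparison stands in for the level-encoded AC automaton. The window size, function names, patterns and payloads are all constructed for illustration.

```python
M = 4  # filter window: first M bytes of each pattern (assumed value)
FULL = (1 << M) - 1

def build_filter(patterns):
    """Superimpose the M-byte prefixes of all patterns into one shift-or table.
    Bit j of mask[c] is 0 when some prefix has byte c at position j."""
    mask = [FULL] * 256
    for p in patterns:
        if len(p) < M:
            raise ValueError("pattern shorter than filter window")
        for j, c in enumerate(p[:M]):
            mask[c] &= ~(1 << j) & FULL
    return mask

def filter_hits(payload, mask):
    """Filtering phase: offsets where the cheap filter fires ("suspicious").
    Superimposition means some of these are false positives."""
    state, hits = FULL, []
    for i, c in enumerate(payload):
        state = ((state << 1) | mask[c]) & FULL
        if state & (1 << (M - 1)) == 0:  # all M positions matched some prefix
            hits.append(i - M + 1)
    return hits

def verify(payload, hits, patterns):
    """Verification phase: exact match at each suspicious offset ("guilty")."""
    by_prefix = {}
    for p in patterns:
        by_prefix.setdefault(p[:M], []).append(p)
    found = []
    for off in hits:
        for p in by_prefix.get(payload[off:off + M], []):
            if payload.startswith(p, off):
                found.append((off, p))
    return found

def inspect(payload, patterns):
    """Run both phases; return (suspicious offsets, verified matches)."""
    hits = filter_hits(payload, build_filter(patterns))
    return hits, verify(payload, hits, patterns)

# Constructed signature set and payloads, for illustration only.
PATTERNS = [b"evil.exe", b"cmd.exe /c"]
CLEAN = b"GET /index.html HTTP/1.1"        # filter never fires
SUSPICIOUS = b"user=emil&x=1"              # "emil" mixes both prefixes
GUILTY = b"GET /dl/evil.exe HTTP/1.1"      # real signature at offset 8

if __name__ == "__main__":
    for name, pkt in [("clean", CLEAN), ("suspicious", SUSPICIOUS), ("guilty", GUILTY)]:
        print(name, inspect(pkt, PATTERNS))
```

The second payload shows why the verification phase is needed: the superimposed filter accepts "emil" because each byte matches one of the two prefixes at its position, and only the exact comparison rejects it.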