DEEP PACKET INSPECTION (DPI)
AS A SOLUTION TO MANAGING
SECURITY THREATS

Ian Betteridge
November 2013
DSS ITSEC 2013 Conference 07.11.2013 - IPOQUE Traffic Management

Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event place and more than 300 via online live streaming.


    1. DEEP PACKET INSPECTION (DPI) AS A SOLUTION TO MANAGING SECURITY THREATS. Ian Betteridge, November 2013
    2. THE SECURITY CHALLENGE
       • More sophisticated and effective cyber attacks mean traditional security solutions, e.g. firewall, IDS/IPS, UTM, are struggling to cope.
       • Need flexible and customized security policy control for real pro-active cyberdefense, especially to meet the high security needs of the government sector.
    3. IPOQUE PACE = STATE OF THE ART DPI
       • PREPROCESSING: Defragmentation Engine; Packet Re-ordering; Connection subscriber tracking; L3 encapsulation
       • CLASSIFICATION: Protocol; Protocol group; Sub protocol; Application; Custom defined protocol
       • METADATA EXTRACTION: Traffic statistics; Users/Subscribers’ statistics; QoS parameters
       • EXTRA FEATURES: OS detection; Client-Server identification; Tethering detection; Ads detection; Fast Path
    4. PACE – HOW WE DO DPI
       We use a variety of analysis techniques to reliably detect network protocols:
       • Pattern matching
       • Finite state machine
       • Behavioral & heuristic analyses
       • Lengths checks
       • Frequency of packet sending/receiving
       • Amount of connections opened by a single subscriber
       • Encryption usage
    5. PRE PROCESSING IMPROVES ACCURACY AND RATE OF CLASSIFICATION
       • PREPROCESSING: Defragmentation Engine; Packet Re-ordering; Connection subscriber tracking; L3 encapsulation
       • Key Benefits: Accuracy; Flexibility; High performance
    6. CLASSIFICATION (Protocol History)
       • Protocol: Flash (Group Streaming); HTTP (Group Web)
       • Sub Protocol: Media
       • Application: YouTube (Group Streaming)
       www.ipoque.com/sites/default/files/mediafiles/documents/data-sheet-supported-protocols.pdf
    7. METADATA EXTRACTION
       Examples:
       • User ID
       • IP address
       • Time and date of login/off
       • Host
       • User agent
       • Email: subject, body, sender, receiver, attachment etc.
       • File transfer: sender, receiver, login, attachment etc.
    8. METADATA OUTPUT NORMALIZATION
       Applications of same type produce the same Class Events:
       - i.e. each webmail has a different look and feel and proprietary structure
       - PADE Solution: normalize all required fields in a unified format: FROM, TO (CC/BCC), SUBJECT, TIMESTAMP, …
    9. METADATA EXAMPLE
    10. EXTRA FEATURES
       • Extra features: OS detection; Client-Server identification; Tethering detection; Advertising detection; Custom defined protocols
       • Optimization features: Dynamic upgrades; SMP support; Fast path
    11. SECURITY BENEFITS IN USING DPI
       • Use application pre-filtering to recognize threats in adaptable flexible way
       • Improve security intelligence to qualify and block an attack in real-time
       • Gain efficiency by focusing only on real security threats
       • Stay current with dynamic changes in protocols and applications
       • Supports recognition of your custom-defined apps and protocols
       • Granular customization of security policy rules
    12. USING PACE AS A SECOND LINE OF DEFENSE
       [Diagram labels: PACE DPI; Cyber attacks; Off the Shelf Security Products (Anti-Spam, anti-virus, anti-malware, firewall, DLK.); Cyber Defense Solution; Critical Infrastructure]
    13. HOW PACE ENSURES ACCURACY
       [Diagram labels: Looking for parameters a, b and c; Looking for parameters d, e, f, and g; Looking for parameters x and y; 80 %, 97%, 100%]
    14. PACE DETECTION RATE
       All Network Elements: Protocol Groups. Over 95% detection rate. 2,000+ Applications and Protocols recognised.
       [Chart labels, in page order: 71%; 22% Streaming Protocols; 3% Unclassified Traffic; 1% VoIP Protocols; 1% P2P Protocols; 2%; Web Protocols; Other]
    15. PACE PERFORMANCE TEST RESULTS
       • Max. concurrent connections: 418.720; average packet size (Bytes): 569; top 5 protocols: HTTP, FLASH, BITTORRENT, MPEG, SKYPE; Gbps/core: 3,4
       • Max. concurrent connections: 71.191; average packet size (Bytes): 523; top 5 protocols: HTTP, SSL, RTP, FLASH, OPENVPN; Gbps/core: 5,6
       Test Conditions:
       • Hardware: i3-2120 CPU @ 3.30GHz
       • All application enabled
       • All features enabled
    16. PACE STRENGTHS AS A DPI SOLUTION
       • Fast Performance
       • High frequency of protocol and DPI engine updates
       • High classification accuracy (no false positives)
       • Low processor to memory consumption ratio
       • Support for over 500 protocols
       • Support for thousands of applications
    17. THANK YOU! Ian Betteridge, Ian.betteridge@ipoque.com, Phone +49 341 594030, Fax +49 341 59403019
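
Slides 4 and 5 name pattern matching and packet re-ordering as steps but do not show why the order matters. The following is an added example, not code from the presentation or from the PACE product: it assumes a toy signature set and constructed TCP segments, and shows a signature that no single packet matches but the re-ordered stream does.

```python
import re

# Constructed sample: one HTTP request split over three TCP segments, captured
# out of order and with one retransmission. Tuples are (sequence number, payload).
SEGMENTS = [
    (1018, b"TP/1.1\r\nHost: example.test\r\n\r\n"),
    (1000, b"GET /ind"),
    (1008, b"ex.html HT"),
    (1008, b"ex.html HT"),  # retransmitted duplicate
]

# Illustrative signatures only (an assumption, not a vendor rule set).
SIGNATURES = {
    "HTTP": re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n"),
    "TLS": re.compile(rb"^\x16\x03[\x00-\x04]"),
}

def classify(payload):
    """Return the first protocol whose signature matches the start of payload."""
    for name, pattern in SIGNATURES.items():
        if pattern.match(payload):
            return name
    return "unknown"

def reassemble(segments, initial_seq):
    """Rebuild the contiguous byte stream (sequence wraparound is ignored)."""
    stream = bytearray()
    next_seq = initial_seq
    for seq, data in sorted(segments):
        if seq > next_seq:
            break  # gap: an earlier segment is missing, stop at contiguous data
        overlap = next_seq - seq  # bytes already seen (retransmit or overlap)
        if overlap < len(data):
            stream += data[overlap:]
            next_seq = seq + len(data)
    return bytes(stream)

def per_packet_labels(segments):
    """Classify every segment on its own, with no preprocessing."""
    return [classify(data) for _, data in segments]

def stream_label(segments, initial_seq):
    """Classify the stream after re-ordering and de-duplication."""
    return classify(reassemble(segments, initial_seq))

if __name__ == "__main__":
    print("per packet:", per_packet_labels(SEGMENTS))
    print("reassembled:", stream_label(SEGMENTS, 1000))
```

When a segment is still missing, reassemble stops at the gap, so the classifier sees only the contiguous prefix and the flow stays "unknown" until the gap is filled.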