Ivannikov Institute for System Programming of the RAS

Research and development of a deep packet inspection infrastructure.

Start of project: 2015. Customer: RFBR.

The importance of network traffic analysis is constantly increasing: novel network technologies reach the market as soon as they are developed, which increases the volume of data (including personal and sensitive information) transmitted over networks by innumerable network applications, many of which implement closed application-level protocols. Available network analysis tools typically don't offer generic facilities for inspecting application protocols; usually only widespread protocols are supported.

Sensitive information transmission requires proper network security. Tunneling is a well-known mechanism used to establish secure sessions between two subnetworks over an insecure channel. Protocol encapsulation provided by tunneling can produce arbitrary nesting, and the encapsulated protocol can belong to the same or lower network stack level than the tunneling protocol. Tunneling is used everywhere, and that calls for monitoring tools to be able to analyze tunneled traffic. Existing network analyzers typically provide a fixed set of supported tunnel types, with tunnel settings usually hardcoded into the implementation. Thus, comprehensive analysis of tunneled network traffic can’t be achieved by common analysis tools.

The project deliverable is expected to be a system for network traffic analysis. The system will be capable of efficiently analyzing application protocol data, as well as arbitrarily configured multi-level tunnels.

RFBR grant 15-07-07652-а.


