Politecnico di Milano
Traffic analysis is currently used by Internet Service Providers (ISPs) to gain insight into users' behavior and to develop, from that insight, new applications that make the best use of their network. The volume of encrypted traffic is growing, and this limits the effectiveness of the Deep Packet Inspection (DPI) techniques normally used to analyze traffic flows. However, a significant amount of information can still be extracted from the first packets of a connection, which are usually transmitted in the clear (for example, the handshake that precedes an encrypted session). Recent research has shown that the traffic inspected by the DPI engine can be reduced without losing classification accuracy. In this thesis we propose to exploit a stateful SDN data plane to offload the filtering process down to the network elements. We show that the amount of traffic analyzed by the DPI engine can be dramatically decreased with no loss of classification accuracy. We also show that the computational requirements of the DPI engine are reduced, and that the functions offloaded to the network switches have a negligible impact on switch performance. By taking advantage of the programmability of the data plane, we also delegate to the switches the collection of per-flow statistics (such as number of packets, number of bytes, and duration) that would otherwise be lost under our filtering scheme. We give evidence that this solution can be implemented in hardware, and we also discuss an alternative implementation based exclusively on a stateless data plane. Finally, we identify additional extensions that could further optimize the solution.
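The filtering and statistics-collection scheme described above, as an added illustration that is not code from the thesis: a Python model of a stateful data plane in which each switch keeps a per-flow state entry, mirrors only the first N packets of every flow to the DPI engine, and keeps counting packets, bytes and duration for the whole flow so that nothing is lost to the filter. The threshold N = 5, the bidirectional 5-tuple flow key, and the traffic fed to the switch are all constructed assumptions for this example; the thesis does not specify these values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet as seen by the switch pipeline (constructed, not a capture)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    length: int   # bytes on the wire
    ts_ms: int    # arrival time in milliseconds


@dataclass
class FlowState:
    """Per-flow state kept in the switch table: the statistics that would be
    lost if only the first packets reached the DPI engine."""
    packets: int = 0
    bytes: int = 0
    first_ms: int = 0
    last_ms: int = 0


class StatefulSwitch:
    """Model of a stateful data plane. Every packet is forwarded and counted;
    only the first n_dpi packets of each flow are additionally sent to DPI."""

    def __init__(self, n_dpi: int):
        self.n_dpi = n_dpi          # assumed threshold, not a value from the thesis
        self.table = {}             # flow key -> FlowState
        self.dpi_queue = []         # packets the DPI engine actually receives
        self.forwarded = 0          # packets forwarded by the switch

    @staticmethod
    def flow_key(p: Packet):
        # Bidirectional key: both directions of a connection map to one entry,
        # so the "first N packets" budget covers the whole exchange.
        a = (p.src, p.sport)
        b = (p.dst, p.dport)
        return (p.proto,) + (a + b if a <= b else b + a)

    def process(self, p: Packet) -> str:
        key = self.flow_key(p)
        st = self.table.get(key)
        if st is None:
            st = FlowState(first_ms=p.ts_ms)
            self.table[key] = st
        # Statistics are updated for every packet, filtered or not.
        st.packets += 1
        st.bytes += p.length
        st.last_ms = p.ts_ms
        self.forwarded += 1
        if st.packets <= self.n_dpi:
            self.dpi_queue.append(p)   # early packets: mirror to the DPI engine
            return "forward+dpi"
        return "forward"               # later packets never reach the DPI engine

    def flow_stats(self):
        return {
            k: {"packets": s.packets, "bytes": s.bytes,
                "duration_ms": s.last_ms - s.first_ms}
            for k, s in self.table.items()
        }


def build_flow(proto, client, cport, server, sport, n_pkts, start_ms, gap_ms, c_len, s_len):
    """Constructed flow: client and server alternate packets every gap_ms."""
    pkts = []
    for i in range(n_pkts):
        ts = start_ms + i * gap_ms
        if i % 2 == 0:
            pkts.append(Packet(proto, client, cport, server, sport, c_len, ts))
        else:
            pkts.append(Packet(proto, server, sport, client, cport, s_len, ts))
    return pkts


def sample_traffic():
    """Three constructed flows, interleaved in time, so the table is exercised
    with concurrent connections: a long TLS session, a DNS exchange, a short TLS session."""
    pkts = []
    pkts += build_flow("tcp", "10.0.0.1", 40000, "93.184.216.34", 443, 30, 0, 10, 100, 1400)
    pkts += build_flow("udp", "10.0.0.2", 5000, "8.8.8.8", 53, 2, 5, 5, 60, 120)
    pkts += build_flow("tcp", "10.0.0.3", 40001, "93.184.216.34", 443, 10, 100, 10, 100, 1400)
    pkts.sort(key=lambda p: p.ts_ms)
    return pkts


def run_demo(n_dpi: int = 5):
    sw = StatefulSwitch(n_dpi)
    for p in sample_traffic():
        sw.process(p)
    return {"total": sw.forwarded, "to_dpi": len(sw.dpi_queue), "stats": sw.flow_stats()}


if __name__ == "__main__":
    r = run_demo()
    print(f"switch forwarded {r['total']} packets, DPI engine received {r['to_dpi']}")
    for key, s in r["stats"].items():
        print(key, s)
```

On the constructed traffic the DPI engine receives 12 of the 42 forwarded packets, while the per-flow counters still report the full 30-packet session and its complete byte count and duration. Whether the first N packets are enough to classify a flow is the accuracy question the thesis evaluates; this model only shows where the filtering and the counting happen.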