Guest Editorial Deep Packet Inspection: Algorithms, Hardware, and Applications

EEP packet inspection (DPI) examines the content in packet payloads to search for signatures of network applications, signs of malicious activities, and leaks of sensitive information, rather than just examine packet headers for information such as IP addresses and port numbers. The inspection provides network devices with rich information of application protocol messages in packet payloads, and enables them to make intelligent decisions in packet processing based on the information. Therefore, the network devices equipped with the capability of DPI can provide numerous functions, such as network intrusion detection, traffic classification and contentaware policy control of network traffic, which will be otherwise much restricted if only packet headers are known. DPI is inherently challenging due to the need to handle everincreasing number of signatures and the diversity of application protocol messages. The signatures to be inspected must be also flexible and robust enough to resist possible evasion when facing the adversary of network attacks. Furthermore, the solutions usually should operate in real time in a high-speed network, while dealing with the above complexity. As a result, we believe that DPI still deserves careful study in depth, even though it has been studied for longer than a decade [1] and simultaneously searching a byte stream for thousands of patterns or even more at multi-giga bits per second is feasible in many state-of-the-art designs. We received a total of 39 submissions, and selected 13 quality papers for publication after two rounds of reviews. The papers are organized into the following four sections: (1) Scalable Algorithms and Architectures for DPI, (2) Network Traffic Analysis with DPI, (3) Network Protocol Identification with DPI, and (4) Network Security Analysis with DPI. It isessential that the algorithms for DPI should be scalable to accommodate a large number of signatures in limited memory