Classifying Network Traffic Using DPI and DFI

INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 11, NOVEMBER 2019 ISSN 2277-8616

Classifying Network Traffic Using DPI And DFI

Argha Ghosh, Dr. A. Senthilrajan

Abstract: Nowadays, most of the people are using Internet, for that reason, Internet getting crowded or full of traffic in terms of the network traffic. In between, Hackers/Phishers get best of their chances to make it count for doing their anonymous work comfortably. For managing or handling this much number of traffic it’s a big task to ask for. So, particularly some techniques are needed to check the incoming traffic is malicious or not. Mainly there are three types of network traffic identification methods. And, they are Port-Matching, Deep Packet Inspection and Machine Learning. Port matching is the simpler among those and mainly used in the past. Deep Packet Inspection (DPI) mainly used for High-Speed networks for detect the Network Traffic. And, some of the country’s government likes Egypt, China, etc. is using Deep Packet Inspection for better network traffic identification. Machine Learning mainly used to detect modern-day network traffic. And, it has several classification algorithms like Bayesian identification, Support Vector Machine (SVM), C4.5 and other machine-learning algorithm. This paper proposes a network traffic identification approach using Deep Packet Inspection and Deep Flow Inspection. Besides those above-mentioned identification methods, this paper focuses on P2P traffic identification also because nowadays almost 60%- 80% of traffic comes under P2P traffic.

Index Terms: Deep Packet Inspection, Deep Flow Inspection, Machine Learning, Network Traffic Identification, Port Matching, P2P Traffic Identification. ————————————————————

1 INTRODUCTION Day by Day Internet getting crowded because most of the architecture, and Section VII concludes the paper with future people are using the internet, and also with-out the Internet work. these day human’s life is incomplete, for all those reasons network traffic also gets increased. Most of the people want 2 RELATED WORK fast forward identification of network traffic so that common Bowen Yang et al. [1] proposed architecture to identify network people could continue their surfing, browsing and also Internet traffic using Deep Packet Inspection and Machine Learning. services in a faster manner. Network Traffic Identification is They implement both DPI and Machine Learning to develop a fruitful for knowing the sender’s protocol (WWW, FTP, P2P, framework to identify Network Traffic. Liu Zhenxiang et al. [2] etc.), sender’s address, sender’s port, receiver’s address; proposed a model to identify P2P traffic, they build a receiver’s port and, size of the payload or packet in the queue, recognizer using Naive Bayes machine learning algorithm to for identifying the content of payload and, also for identifying identify P2P traffic. Chunzhi Wang et al. [3] proposed a logical the Application. Moreover, to check anything got changed in- view of DPI and DFI, and they include four modules of DPI between Server and Client or between Sender and Receiver. and DFI traffic identification and a concurrent view of DPI and To check any anonymous activity in the middle or not, if there DFI. Hongwei Chen et al. [4] proposed P2P Traffic any malicious activity found then stopped the transmission of Identification Model based on DPI and DFI. They compare the payload or packet queue, before it reaches to the client or between Library of DPI Feature and Library of DPI Method receiver. In the context of network traffic identification, between Library of DFI Feature and Library of DFI Method. presently there are three common methods are there, those And, proposed a coordinate module between DPI Module and are Port Matching, Deep Packet Inspection and, Machine DFI Module for identifying the P2P traffic. Hongwei Chen et al. Learning. We have been described about all the three [5] proposed Algorithm Comparison of P2P Traffic methods briefly in Section IV. To modify Moreover, nowadays Identification based on Deep Packet Inspection. They have 60%-80% bandwidth/traffic occupied on the Internet by P2P been compared between the matching algorithms like Aho- traffic, Peer-to-Peer(P2P) traffic mainly generated by Corasick (AC) algorithm, Wu-Manber algorithm and Set distributed applications like Skype, BitTorrent, Gnutella, Backward Oracle Matching (SBOM) algorithm. ZebaAtique eDonkey2000, QQLive, Fasttrack etc. Here, proposed Shaikh et al. [6] provide an overview of Network Traffic architecture to identify P2P traffic. The rest of the paper is Classification methods, like Payload-Based Traffic formulated as follows. Section II discuss about Literature Classification, Deep Packet Inspection and Cisco Survey about previously used techniques to detect P2P traffic. Classification Technologies. Lastly, they present an approach Section III presents DPI and DFI and their differences, on Naïve Bayesian and Bayesian Neural Network based traffic characteristics, ability, and advantages over each other. classification. Jingyu Wang et al. [7] analyzes the Section IV will provide all the three methods of Network Traffic characteristics of P2P traffic then presents a traffic Identification; those are Port Matching, Deep Packet identification algorithm and, in the end, evaluates the Inspection and Machine Learning. Section V will present the performance of traffic identification algorithm based on some proposed architecture to identify P2P traffic using DPI and of the P2P applications like eMule, pplive, kugoo, etc. Song DFI. Section VI provides evaluation of the proposed Yang et al. [8] proposed a traffic flow model for optical network traffic based on content identification and they provide an

———————————————— analysis of traffic flow model. Fereshte Dehghani et al. [9]  Argha Ghosh is currently pursuing Doctor of Philosophy (Ph. D) in proposed a traffic classification model using Baysian algorithm computer science in Alagappa University, India, PH-+918145232677. E- for real-time traffic classification based on statistical and mail: [email protected] payload content features.  Dr. A. Senthilrajan is currently working as Professor in Department of Computational Logistics in Alagappa University, India. E-mail: [email protected]

3 DEEP PACKET INSPECTION AND DEEP FLOW INSPECTION

Deep Packet Inspection (DPI) is a real-time network filtering and Internet traffic analyzing technology that mainly works in High-Speed network connection. DPI can be implemented in the application layer of Open System Interconnection (OSI) model. It is called “deep” inspection because the inspection not only includes the packet headers but also covers the packet payloads [10]. Deep Packet Inspection (DPI) technologies are intended to allow network operators precisely to identify the origin and content of each packet of data that passes through the networking hubs [11]. DPI can identify the packet content and packet ID. A classical algorithm for Fig. 1. Domain of Traditional Packet Forwarding and DPI decades, string matching has recently proven useful for deep packet inspection (DPI) to detect intrusions, scan for viruses, and filter Internet content [12].DPI makes network filtering by However, DPI used to use some of the methods for string examining the signature of the payload packet either by string matching and expression matching the same way DFI also matching algorithms like Wu-Manber, Aho-corasick, and uses methods like Support Vector Machine (SVM), Neural SBOM, or by regular expression matching algorithms which is Network, Bayes Classifier, Decision Tree etc. Intrusion used in NIDS of Snort, Bro and L7-filter in Linux [13]. DPI uses detection, virus scanning, content filtering, instant-messenger two approaches to collect data packets, and they are Port management, and peer-to-peer identification all can use string Mirroring and Optical Splitter. Port mirroring known as matching for inspection [14]. Malicious behavior detection is Switched Port Analyzer (SPAN) also, it mainly used to monitor generally classified into two levels: packet level and flow level, the network traffic. It can perform the task of monitoring each for which DPI (Deep Packet Inspection) and DFI (Deep Flow incoming packet in one port of a network. Optical Splitter Detection) are representatives [18]. DPI and DFI are two mainly collects the packet information and used to send the supportive processes of each other in the context of identifying information of a packet to the network manager. To improve network traffic. Using the deep packet inspection (DPI) programmability and re-configurability, the hardware intrusive technology thoroughly reads the contents of the IP packet detection system is using network processor (NP) to perform payload [19]. pattern search using deep packet inspection [14]. DPI able to detect protocols and applications using three methods and 4 NETWORK TRAFFIC IDENTIFICATION those are Port Detection, Signature Detection and Heuristics METHODS Detection. Other characteristics of a high-performance DPI system include flow-based detection (for TCP, UDP and WAP), The term Network Traffic Identification mainly refers that support for IPv4 and IPv6, TCP/IP normalization and identifying the incoming network traffic that mainly generated reassembly and rules-based metadata extraction [15]. In most by the network applications (like WWW, FTP, P2P) in the applications, DPI use Signature Detection approach for network, mainly generated by protocol like TCP/IP, SMTP, signature matching through automaton-based pattern HTTPS, SNMP, FTP, DNS, POP 3, Telnet, IMAP protocol. For matching. Traditional packet forwarding systems like Shallow detecting or identifying network traffic commonly there are Packet Inspection (SPI), Medium Packet Inspection (MPI) three methods used and those are Port Matching, Deep can’t perform the detection on the Data section of a packet Packet Inspection and Machine Learning. In the following have but, Deep Packet Inspection (DPI) can check Data section of a been discussed network traffic identifying methods. packet. Moreover, Shallow Packet Inspection (SPI) can perform analyzing on Physical and Data Link Layer of Open 4.1 Identification Method Based on Port Matching System Interconnection (OSI) and Medium Packet Inspection Port matching is the basic and straight-forward method used in (MPI) able to perform the detection task on Transport, network traffic identification. Before DPI and Machine Learning Network, Data Link and Physical Layer of Open System came in the scenario olden days, port matching mainly used to Interconnection (OSI) whereas, Deep Packet Inspection (DPI) identify the network traffic, but nowadays this technique didn’t able to monitor all the Layers of Open System Interconnection used to detect the network traffic. Port matching mainly follows (OSI) of reference model. DFI also used for detecting or the simple concept of traffic detection; most of the P2P identifying the network traffic but DFI can’t provide the high application has their default port like BitTorrent have the port accuracy like Deep Packet Inspection (DPI) but still DFI is 6881-6889 TCP/UDP. When BitTorrent application runs, it uses effective. But both DPI and DFI is promising in terms of this particular port to communicate with the Internet, then identifying network traffic. Traffic identification means network administrator can identify the network traffic, by classifying through a series of features of flow [5]. DFI mainly seeing that any communication made by using that particular uses some of the network flow features like TBF (Total Bytes default port and then network administrator can assume that of Flow), PCF (Packet Count of Flow), DF (Duration of each its P2P traffic used by that particular P2P application. If a Flow), APBF (Average Packet Bytes of Flow), etc. network administrator doesn’t have costly Intrusion Detection System (IDS), without using any IDS, network administrator can understand the type of network traffic as well as type of 3984 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 11, NOVEMBER 2019 ISSN 2277-8616

application. However, port matching is easy to compare to DPI Support Vector Machine (SVM), C4.5, etc. based on packet/ and machine learning it’s has the biggest drawback also traffic characteristics machine learning algorithm has been because a user can change their port for the application implemented to identifying network traffic. Moreover, it’s clear manually, in that case, this method will not identify the network that the machine learning techniques are used to detect traffic correctly. Moreover, new P2P applications in the present modern-day application and its network traffic. era used to use the dynamic port, in that context port matching Machine Learning algorithms are used to make decision in is not effective as well as impossible to identify the network terms necessary intelligence or knowledge based on Feature traffic correctly as well as the P2P application also. Previously, selection. Automated networks can be pushed further with the people used only HTTP and FTP and though have the port help of artificial intelligence and machine learning in addition to number 80 and 21 respectively, for that reason only in past monitoring [27]. Automated networks mainly designed and time port matching was effective but nowadays it can provide implemented by use cases. mostly inaccurate network traffic identification result. 4.4 Comparison between Network Traffic Identification 4.2 Identification Method Based on Deep Packet Methods Inspection After discussed all the three network traffic identification In this approach the data packets are inspected for specific approaches it’s clear that Port Matching mainly perform in protocol signatures in an effort to identify the originating olden days when there is no dynamic port or user can’t set the network applications and, as a result, the traffic is scanned at port manually in that time but whereas DPI is using in modern- all the OSI levels (2-7) including the headers and the day on the high-speed network to perform the network traffic payloads, extracting a packet signature according to a identification to detect the network traffic easily. In fact, deep predefined set of rules [20].Deep Packet Inspection identify packet inspection (DPI) is able to accurately classify and the data packet content during network interaction or data control traffic in terms of applications and content [28]. In the transmission in terms of pattern matching, and identify the same context, whereas Machine Learning is useful to detect type of application depends on the content of data packet. the network traffic where the user used to use various kind of Deep packet filtering (DPF) plays a crucial role in application at a time. High-speed network packet forwarding sophisticated access control for large networks [21]. DPI can’t system plays a vital role in many fields, such as packet get affected by port changes or by dynamic port, and this is analysis, virus detection and traffic management [26]. Port the common difference between DPI based network traffic matching perform the detection the task of network traffic in detection and port-based network traffic detection. One of the port-level or based on the port-number whereas DPI uses the most frequently performed operations in IDS (DPI) is packet-level detection for network traffic detection and searching for predefined patterns in the packet payload [22]. machine learning perform based on the characteristics of DPI can identify the network traffic fast manner. Identification Packet like packet size, number of packets in the queue, Level of DPI is Packet-level identification and DPI didn’t packet transmission frequency, etc. perform the task of network traffic identification for encrypted traffic. The basic concept of DPI contains content analysis of 5 P2P TRAFFIC CLASSIFICATION BASED the captured packets as well as accurate and timely ON DPI AND DFI discrimination of the traffic flows generated by different In the beginning of network traffic identification, our proposed application programs [23]. DPI mainly performs the approach will separate the regular business traffic and classification task on strings or bit sequences. DPI mainly has encrypted traffic based on the port address of incoming two working modes. In online mode, it copies packet from the network traffic because proposed identification technique buffer and identifies packets with the DPI Method assigned by using DPI and, DPI can’t identify the encrypted and new P2P the user, then it sends packets and identification results to traffic. First of all, the proposed design gains the network Coordinate Module. In offline mode, it maintains and updates traffic/data packet from a network and then process the the DPI Feature Database [4]. Furthermore, DPI and its network traffic to find out the IP address of incoming data conforming pattern matching algorithms are also important packet, and from there collecting the data regarding Source building blocks for other applications in the network such as and Destination IP address of network traffic. After that, load balancing and monitoring of network traffic [24]. proposed architecture will get the information about Source and Destination Port of data packets by performing Port 4.3 Identification Method Based on Machine Learning Identification. Next process of the proposed model is that Due to different application protocols, network data flow has performing the task of identifying the protocol that using by the different characteristics in terms of data flow duration, packet captured data packets/network traffic. Up to these, those are length, packet transmission frequency and packet rate [1]. In the Preliminary stages of the proposed model to identify this era of Internet, everyone used to use various kinds of network traffic. After that, network traffic/data packets used to applications with internet for that reason the entire internet reach Traffic Collection Module were data packets used to get user’s network traffic is not similar, for that reason all the classified in terms of attributes like sender’s IP address, user’s data packet rate, flow transmission, packet length is sender’s Port, receiver’s IP address, receiver’s Port and type also not similar, different than each other. Machine Learning of IP protocol or name of the protocol. Apart from that, in provides a collection of techniques to fundamentally adapt to Traffic Collection Module network traffic used to get ready for the dynamic behavior [25]. Several machine learning processing with the DPI and DFI Module. Two main features of algorithms are there, like Naive Bayesian classification, DPI that perform strong signature detection and produce 3985 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 11, NOVEMBER 2019 ISSN 2277-8616

results with high throughput and minimum latency [27]. Packet Bytes of Flow), TBF (Total Bytes of Flow) and, PCF (Packet Count of Flow), DFI mainly perform the task of classification on network traffic. DFI Method mainly contains four artificial intelligence algorithms and they are Artificial Neural Network, Support Vector Machines, Decision Tree and, Naive Bayes Classifier. All those artificial intelligence algorithms can be applied for classifying the P2P traffic. However, already discussed that DPI can’t identify the encrypted traffic compare to that whereas DFI can identify encrypted network traffic. So, for that reason, proposed architecture coupled DFI with DPI, to over-come the encrypted traffic detecting issue. Identification Result segment mainly perform the job of coordinating between DPI and DFI Module and then based on those two modules result, Identification Result segment detecting/identifying the network traffic. It’s mainly performing the job of matching the incoming traffic with DPI and DFI module then it’s making the decision as well as producing the result that the traffic is P2P traffic or not, else what kind of traffic it is.

6 EXPERIMENTAL EVALUATION

Fig. 3. Real-Time Traffic Analyzing

We have been implemented the proposed architecture for Fig. 2. Proposed Model for Classifying P2P Traffic classifying the network traffic and tries to utilize the

performance of our proposed model. Our proposed design DPI module mainly contains two libraries; they are DPI running successfully for classifying the network traffic, we are Feature and DPI Method. DPI Feature mainly contains P2P testing that by Wireshark data-packet analyzer for our Application and their respective Characteristics code. By reference to classify the network traffic. Our proposed design checking the respective characteristics code for incoming data can’t identify the new P2P application traffic and can’t detect packet/network traffic, it can detect P2P Application. For that encrypted traffic also due to its ability. In future, planning to reason, have been already discussed that if new P2P implement the Naive Bayesian Classification method for application’s data packet/network traffic passes through the recognizing the encrypted and new P2P traffic based on deep proposed architecture, that time DPI can’t identify the new P2P packet load method including DPI, DFI and DCI(Deep Content Application name, for that reason proposed architecture Inspection) to detect the new P2P application traffic as well as unable to detect new P2P Application. DPI Method mainly to detect encrypted traffic also because, Deep Packet contains three string matching algorithms and those are Aho- Inspection (DPI) can’t identify the encrypted and new P2P Corasick (AC) algorithm, Wu-Manber algorithm and Set traffic. Backward Oracle Matching algorithm. All those three-string matching algorithms can be applied to match the string for classifying the P2P traffic. The modern DPI tools use many different strategies in order to determine the application, protocol, and content like: pattern matching, port numbers, packet sizes [28]. DFI module mainly contains two libraries; they are DFI Feature and DFI Method. DFI Feature mainly contains Network Flow Features. And, using those network flow feature like DF (Duration of each Flow), APBF (Average 3986 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 11, NOVEMBER 2019 ISSN 2277-8616

https://ieeexplore.ieee.org/document/5374577 [4] Hongwei Chen, Zhengbing Hu, Zhewei Ye and, Wei Liu “A New Model for P2P Traffic Identification Based on DPI and

DFI” Available: https://ieeexplore.ieee.org/document/5366295 [5] Hongwei Chen, Fangping You, Xin Zhou and, Chunzhi Wang “Algorithm Comparison of P2P Traffic Identification Based on Deep Packet Inspection” Available:

https://ieeexplore.ieee.org/document/5374593 [6] ZebaAtique Shaikh and, Prof. Dr. D.G. Harkut “An Overview of Network Traffic Classification Methods” Available: https://pdfs.semanticscholar.org/8efd/03df47062a376fbd1e 8710a10940296643a6.pdf

Fig. 4. Real-Time Traffic Analyzing [7] Jingyu Wang, Jiyuan Zhang and, Yuesheng Tan “Research of P2P Traffic Identification Based on Traffic Characteristics” Available: https://ieeexplore.ieee.org/document/6001790 7 CONCLUSION AND FUTURE WORK [8] Song Yang, Xiaoguang Zhang, Lixia Xi and, Congpeng Lu Network traffic classification is a big job to ask for because “Research Optical Network Traffic Based on the Content everyone is using Internet nowadays, that makes the Internet Identification” Available: traffic heavy and it’s difficult to identifying the network traffic https://ieeexplore.ieee.org/document/6155889 from those huge number of Internet traffic. Here, we proposed [9] FereshteDehghani, Nasser Movahhedinia, Mohammad a network traffic identifying architecture using DPI and DFI, Reza Khayyambashi and, Sahar Kianian “Real-time Traffic both the methods have drawbacks over each other. DPI and Classification Based on Statistical and Payload Content DFI identifying the network traffic in terms of their Library Features” Available: Features and Library Methods. In future, planning to https://ieeexplore.ieee.org/document/5473467 implement the Naive Bayesian Classification method for [10] SafaAlkateb “White Paper: 5 Things You Need to Know recognizing the encrypted and new P2P traffic based on deep About Deep Packet Inspection (DPI)” Available: packet load method because, Deep Packet Inspection (DPI) https://docplayer.net/7150123-5- things-you-need-to-know- can’t identify the encrypted and new P2P traffic. about-deep-packet-inspection-dpi.html [11] “White paper on Deep Packet Inspection” Available: ACKNOWLEDGMENT http://tec.gov.in/pdf/Studypaper/White%20paper%20on%20 DPI.pdf We would like to thank Dr. K. Kuppusamy for improving [12] Po-Ching Lin, Ying-Dar Lin, Tsern-Huei Lee and, Yuan- the content of this paper, as well as acknowledging the effort Cheng Lai “Using String Matching for Deep Packet of Dr. E. Ramaraj for his guidance. This research work has Inspection” Available: been written with the financial support of Rashtriya Uchchatar https://ieeexplore.ieee.org/document/4488244 Shiksha Abhiyan (RUSA- Phase 2.0) grant sanctioned vide [13] RehamTaher El-Maghraby, Nada MostafaAbdElazim and, Letter No. F.24-51/2014-U, Policy (TNMulti-Gen), Dept. of Edn. Ayman M. Bahaa-Eldin “A Survey on Deep Packet Govt. of India, Dt. Inspection” Available: 09.10.2018. Express appreciation to all those author’s whose https://ieeexplore.ieee.org/document/8275301 references we used in this research-work. Acknowledging Mrs. [14] N. Weng, L. Vespa and, B. Soewito, “Deep packet pre- Anju Ghosh, Mrs. Moumita Ghosh Bairagi, Mr. Bidhan Ghosh filtering and finite state encoding for adaptive intrusion and rest of my family members for their Support and Love. detection system” Available: Special Thanks’ to Mr. N. Alagu Ganesan and Mr. G. https://www.sciencedirect.com/science/article/abs/pii/S1389 Veerapandi for their helpful hand and Support in this research- 128610003749 work. [15] Chengcheng Xu, Shuhui Chen, JinshuSu, S.M. Yiu and, Lucas C.K. Hui “A Survey on Regular Expression Matching REFERENCES for Deep Packet Inspection: Applications, Algorithms and [1] Bowen Yang and, Dong Liu “Research on Network Traffic Hardware platforms” Available: Identification based on Machine Learning and Deep Packet https://ieeexplore.ieee.org/document/7468531 Inspection” Available: [16] Yu-tong Guo, Yang Gao, Yan Wang, Meng-yuan Qin, Yu-jie https://ieeexplore.ieee.org/document/8729153 Pu, Zeng Wang, Dan-dan Liu, Xiang-jun Chen, Tian-feng [2] Liu Zhenxiang, He Mingbo, Liu Song and, Wang Xin Gao, Ting-ting Lv and, Zhong-chuan Fu “DPI &DFI: a “Research of P2P Traffic Comprehensive Identification Malicious Behavior Detection Method Combining Deep Method” Available: Packet Inspection and Deep Flow Inspection” Available: https://ieeexplore.ieee.org/document/5948739 https://www.sciencedirect.com/science/article/pii/S1877705 [3] Chunzhi Wang, Xin Zhou, Fangping You and, Hongwei 81730276X Chen “Design of P2P Traffic Identification Based on DPI [17] Li Wei, Liu Hongyu and, Zhang Xiaoliang “A Network Data and DFI” Available: Security Analysis Method Based on DPI Technology”

Available: https://ieeexplore.ieee.org/document/7883228 [18] S. Zamfir, T. Balan, F.Sandu and, C.Costache “Solutions for Deep Packet Inspection in Industrial Communications” Available: https://ieeexplore.ieee.org/document/7528337 [19] Yi-Hui Lin, Shan-Hsiang Shen, Ming-Hong Yang, De-Nian Yang and, Wen-Tsuen Chen “Privacy-Preserving Deep Packet Filtering over Encrypted Traffic in Software-Defined Networks” Available: https://ieeexplore.ieee.org/document/7510993 [20] ZouheirTrabelsi, SafaaZeidan and, Mohammad M. Masud “Network Packet Filtering and Deep Packet Inspection Hybrid Mechanism for IDS Early Packet Matching” Available: https://ieeexplore.ieee.org/document/7474172 [21] Gaolei Li, Mianxiong Dong, Kaoru Ota, Jun Wu, Jianhua Li and, Tianpeng Ye “Deep Packet Inspection based Application-Aware Traffic Control for Software Defined Networks” Available: https://ieeexplore.ieee.org/document/7841721 [22] RoaaShubbar and, Mahmood Ahmadi “Fast 2D filter with low false positive for network packet inspection” Available: https://ieeexplore.ieee.org/document/8245943 [23] Danish Rafique and, Luis Velasco “Machine Learning for Network Automation: Overview, Architecture, and Applications” Available: https://ieeexplore.ieee.org/document/8501533 [24] Fabien Boitier and, Patricia Layec “Automated Optical Networks with Monitoring and Machine Learning” Available: https://ieeexplore.ieee.org/document/8473802 [25] Mohammad Al-hisnawi and, Mahmood Ahmadi “Deep Packet Inspection Using Quotient Filter” Available: https://ieeexplore.ieee.org/document/7548376 [26] Hao BI and, Zhao-Hun WANG “DPDK-based Improvement of Packet Forwarding” Available: DOI: 10.1051/itmconf/20160701009 [27] Mohammad Al-hisnawi and, Mahmood Ahmadi “QCF for deep packet inspection” Available: https://ieeexplore.ieee.org/document/8444520 [28] B. Renukadevi and, Dr. S. Daniel Madan Raja “Deep Packet Inspection Management Application in SDN” Available: https://ieeexplore.ieee.org/document/79722