Friday, July 27, 2007

Deep packet inspection meets 'Net neutrality, CALEA: Page 1

Ars Technica has a very interesting, in-depth discussion of "deep packet inspection" (DPI) and some of its implications. DPI means diving into the packets flowing through an ISP and opening them up to inspect the content; for example, there are commercial tools to identify the type of traffic (virus vs. YouTube video vs. iTunes download vs. chat vs. email vs. ...). "Flow analysis" means assembling packets together (e.g., to reconstruct an email message), and that's also commercialized. DPI products that are "CALEA-compliant" can collect and offload a user's datastream (CALEA is the "Communications Assistance to Law Enforcement Act"); usually this work is farmed out by an ISP to specialists. Once packets (or flows) are classified, it's also possible to impose rules: e.g., squash viruses, eliminate denial-of-service attacks, disallow on-line games for non-premium users, or slow traffic from, say, YouTube to a crawl unless Google pays a designated fee.

According to the article, current DPI systems classify packets using signature-based methods, much like anti-virus systems do. This makes a lot of sense if you're only interested in Personally I'm surprised that machine learning isn't used in this step yet - but I suspect that this will happen before long.
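To make the signature-based classification and the "flow analysis" step concrete, here is an added sketch (not code from the Ars Technica article or from any DPI product) that matches byte signatures per packet and then again on reassembled flows. The signature table, addresses and packets are constructed, and `seq` is assumed to be a simple byte offset with no retransmissions or overlaps.

```python
from collections import defaultdict

# Constructed signature table: traffic label -> byte pattern expected in the payload.
SIGNATURES = {
    "bittorrent": b"\x13BitTorrent protocol",  # BitTorrent handshake prefix
    "http": b"HTTP/1.",
    "smtp": b"MAIL FROM:",
}

# Constructed flows, keyed by (src ip, src port, dst ip, dst port).
BT_FLOW = ("10.0.0.5", 51000, "192.0.2.10", 6881)
HTTP_FLOW = ("10.0.0.6", 51001, "192.0.2.20", 80)
SMTP_FLOW = ("10.0.0.7", 51002, "192.0.2.30", 25)

# Constructed capture: (flow key, seq byte offset, payload). Two flows carry a
# signature split across segments; the SMTP segments also arrive out of order.
PACKETS = [
    (BT_FLOW, 1, b"\x13BitTor"),
    (SMTP_FLOW, 17, b"FROM:<a@example.test>\r\n"),
    (HTTP_FLOW, 1, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (BT_FLOW, 8, b"rent protocol" + b"\x00" * 8),
    (SMTP_FLOW, 1, b"EHLO host\r\nMAIL "),
]

def match(payload):
    """Return the label of the first signature found in payload, else None."""
    for label, pattern in SIGNATURES.items():
        if pattern in payload:
            return label
    return None

def classify_per_packet(packets):
    """Stateless inspection: each packet payload is matched in isolation."""
    result = {}
    for flow, _seq, payload in packets:
        label = match(payload)
        if label is not None:
            result.setdefault(flow, label)
    return result

def classify_flows(packets):
    """Flow analysis: reorder segments by seq, join them, then match."""
    segments = defaultdict(list)
    for flow, seq, payload in packets:
        segments[flow].append((seq, payload))
    result = {}
    for flow, segs in segments.items():
        stream = b"".join(p for _, p in sorted(segs, key=lambda s: s[0]))
        result[flow] = match(stream) or "unknown"
    return result

if __name__ == "__main__":
    print("per-packet:", classify_per_packet(PACKETS))
    print("per-flow:  ", classify_flows(PACKETS))
```

Per-packet matching labels only the HTTP flow, because the other two signatures straddle a segment boundary; the reassembled streams classify all three.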