Parallelized Finite Automata-Based Deep Packet Inspection for Real-Time Intrusion Prevention in Software-Defined Networks

International Journal of Electronics and Communication Engineering
© 2025 by SSRG - IJECE Journal
Volume 12 Issue 10
Year of Publication : 2025
Authors : Krishna Kishore Thota, R. Jeberson Retna Raj
How to Cite?

Krishna Kishore Thota, R. Jeberson Retna Raj, "Parallelized Finite Automata-Based Deep Packet Inspection for Real-Time Intrusion Prevention in Software-Defined Networks," SSRG International Journal of Electronics and Communication Engineering, vol. 12, no. 10, pp. 84-103, 2025. Crossref, https://doi.org/10.14445/23488549/IJECE-V12I10P109

Abstract:

With the rapid growth of high-speed networks and the increasing sophistication of cyber threats, Deep Packet Inspection (DPI) systems face significant challenges in detecting intrusions in real time without degrading network performance. Traditional serial Deterministic Finite Automata (DFA)-based DPI approaches often suffer from state explosion and processing hurdles, making them unsuitable for modern Software-Defined Networking (SDN) environments. The purpose of this study is to design and implement a customised DPI structure that provides high identification accuracy and low delay for real-time network security. The innovation of this research lies in its parallel DFA-based DPI engine, which integrates Hopcroft's DFA minimisation algorithm with multi-level parallelism and CUDA-based GPU acceleration. Unlike traditional methods, the proposed system enables fast multi-pattern payload matching, addressing scalability and performance issues in large-scale traffic analysis. The proposed framework decomposes packet data into header and payload, applying N-gram tokenisation and generalisation to prepare the data for high-speed DFA processing. It is tightly integrated with an SDN controller (RYU), which enables dynamic flow table updates to mitigate attacks such as DDoS and brute force in real time. Evaluation on the CIC-IIDS 2018 dataset shows the superiority of the system, with 99.68% detection accuracy, 99.72% accuracy, and 0.28 ms average delay, improving on existing ML-based IDS and serial DFA approaches. This research establishes a strong, scalable, and lightweight DPI structure suitable for deployment in high-speed enterprise networks. Future work will focus on supporting encrypted traffic inspection and hardware acceleration using SmartNICs or FPGAs.

Keywords:

Parallelized DFA, Deep Packet Inspection, Software-Defined Networking, Real-Time Intrusion Detection, Hopcroft Minimization.
