Traffic analysis is a process of great importance when it comes to securing a network. This analysis, according to the needs of our network, can be classified into different levels. One of these levels, and the most analytical of them all, is Deep Packet Inspection (DPI). DPI is a very effective way of monitoring the network, since it performs traffic control on the majority of the OSI model's layers (from L3 to L7). In our case, this DPI implementation is done by using Snort, an open-source Network Intrusion Detection and Prevention System (NIDS) program. Snort currently makes use of the Boyer-Moore algorithm, which is a software-based approach to DPI packet filtering.
Snort will also be needed for writing rules that use Regular Expressions (RegExp). By using this pattern we can identify strings that might be malicious for the network more efficiently than with rules that do not use it.
In this current study, Regular Expressions will be the key part of our methodology, since we aim to prove that this technique is much more productive and effective than the traditional exact-match pattern used up until now, especially when it is combined with other technologies such as Deep Packet Inspection.
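As an added illustration (not code from the dissertation or from Snort), the following Python script contrasts the two matching styles described above: an exact-match search in the Boyer-Moore family, standing in for Snort's content keyword, and a regular expression standing in for its pcre keyword, both run over constructed HTTP request lines. The request lines, the content string and the pattern are assumptions chosen for the illustration.

```python
import re


def boyer_moore_horspool(pattern: bytes, text: bytes) -> int:
    """Exact-match search (Horspool's simplification of Boyer-Moore, the
    algorithm family Snort uses for 'content' matching).
    Returns the index of the first occurrence, or -1 if absent."""
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    # Bad-character table: how far to shift when the text byte aligned with
    # the end of the pattern is seen elsewhere in the pattern (last occurrence wins)
    skip = {pattern[i]: m - 1 - i for i in range(m - 1)}
    i = 0
    while i <= n - m:
        j = m - 1
        while j >= 0 and text[i + j] == pattern[j]:  # compare right to left
            j -= 1
        if j < 0:
            return i
        i += skip.get(text[i + m - 1], m)
    return -1


# Constructed sample request lines (assumed input, not captured traffic).
# Only the first is a byte-exact hit for CONTENT; the next three are
# equivalent spellings of the same path; the last two are benign.
SAMPLES = [
    b"GET /etc/passwd HTTP/1.1",
    b"GET /ETC/PASSWD HTTP/1.1",
    b"GET /etc//passwd HTTP/1.1",
    b"GET /etc/./passwd HTTP/1.1",
    b"GET /index.html HTTP/1.1",
    b"GET /etc/password HTTP/1.1",
]

CONTENT = b"/etc/passwd"  # what a single 'content:' keyword would carry
# What a 'pcre:' keyword would carry: tolerates case, repeated slashes and
# "./" segments, so one rule covers the whole class of variants
PCRE = re.compile(rb"/etc/+(\./+)*passwd", re.IGNORECASE)


def exact_hits(samples):
    """Request lines flagged by the exact-match (content-style) rule."""
    return [s for s in samples if boyer_moore_horspool(CONTENT, s) != -1]


def regex_hits(samples):
    """Request lines flagged by the regular-expression (pcre-style) rule."""
    return [s for s in samples if PCRE.search(s)]
```

Snort's content keyword can take a nocase modifier for the case variant, but the path variants still need either several content rules or one regular expression.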
An extended explanation of the tools and techniques used to write this dissertation, on both the theoretical and practical level, will be provided in Chapter 6.
At this point, I would like to thank my supervisor, Professor Dimitrios Baltatzis, for his help, the knowledge that he provided to me, and for inspiring me to work on this particular topic for my dissertation. Also, I would like to thank my family and friends for being supportive and believing in me and my skills.