A feasibility study of stateful automaton packet inspection for streaming application detection systems

Kuo-Kun Tseng, Jiao Lo, Shih-Hao Chang, Madjid Merabti, Chun Kit Ng, Chun Ho Wu

Research output: Journal article publication, Journal article, Academic research, peer-review

1 Citation (Scopus)

Abstract

The rapid development of the internet has brought huge benefits and social impacts; however, internet security has also become a great problem for users, since traditional approaches to packet classification cannot achieve satisfactory detection performance due to their low accuracy and efficiency. In this paper, a new stateful packet inspection method is introduced, which can be embedded in the network gateway and used by a streaming application detection system. This new detection method leverages the inexact automaton approach, using part of the header field and part of the application layer data of a packet. Based on this approach, an advanced detection system is proposed for streaming applications. The workflow of the system involves two stages: the training stage and the detection stage. In the training stage, the system initially captures characteristic patterns from a set of application packet flows. After this training is completed, the detection stage allows the user to detect the target application by capturing new application flows. This new detection approach is also evaluated using experimental analysis; the results of this analysis show that this new approach not only simplifies the management of the state detection system, but also improves the accuracy of data flow detection, making it feasible for real-world network applications.
Original language: English
Pages (from-to): 1317-1336
Journal: Enterprise Information Systems
Volume: 11
Issue number: 9
Publication status: Published - 21 Oct 2017

Keywords

  • firewall
  • packet classification
  • stateful automation
  • Aho-Corasick
