{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T02:36:09Z","timestamp":1760236569826,"version":"build-2065373602"},"reference-count":26,"publisher":"MDPI AG","issue":"23","license":[{"start":{"date-parts":[[2021,11,30]],"date-time":"2021-11-30T00:00:00Z","timestamp":1638230400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>This paper investigates and proposes a solution for Protocol Independent Switch Architecture (PISA) to process application layer data, enabling the inspection of application content. PISA is a novel approach in networking where the switch does not run any embedded binary code but rather an interpreted code written in a domain-specific language. The main motivation behind this approach is that telecommunication operators do not want to be locked in by a vendor for any type of networking equipment, develop their own networking code in a hardware environment that is not governed by a single equipment manufacturer. This approach also eases the modeling of equipment in a simulation environment as all of the components of a hardware switch run the same compatible code in a software modeled switch. The novel techniques in this paper exploit the main functions of a programmable switch and combine the streaming data processor to create the desired effect from a telecommunication operator perspective to lower the costs and govern the network in a comprehensive manner. The results indicate that the proposed solution using PISA switches enables application visibility in an outstanding performance. This ability helps the operators to remove a fundamental gap between flexibility and scalability by making the best use of limited compute resources in application identification and the response to them. The experimental study indicates that, without any optimization, the proposed solution increases the performance of application identification systems 5.5 to 47.0 times. This study promises that DPI, NGFW (Next-Generation Firewall), and such application layer systems which have quite high costs per unit traffic volume and could not scale to a Tbps level, can be combined with PISA to overcome the cost and scalability issues.<\/jats:p>","DOI":"10.3390\/s21238010","type":"journal-article","created":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T01:45:02Z","timestamp":1638323102000},"page":"8010","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Application Layer Packet Processing Using PISA Switches"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1723-5741","authenticated-orcid":false,"given":"Ismail","family":"Butun","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, KTH Royal University of Technology, SE-114 28 Stockholm, Sweden"},{"name":"Department of Computer Engineering, Konya Food and Agriculture University, Konya 42080, Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3585-129X","authenticated-orcid":false,"given":"Yusuf Kursat","family":"Tuncel","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Konya Food and Agriculture University, Konya 42080, Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2483-8070","authenticated-orcid":false,"given":"Kasim","family":"Oztoprak","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Konya Food and Agriculture University, Konya 42080, Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,11,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Yazici, M.A., and Oztoprak, K. (2017, January 5\u20138). Policy broker-centric traffic classifier architecture for deep packet inspection systems with route asymmetry. Proceedings of the 2017 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom), Istanbul, Turkey.","DOI":"10.1109\/BlackSeaCom.2017.8277681"},{"key":"ref_2","unstructured":"Sandvine Inc. (2021, June 20). Virtual ActiveLogic\u2014Hyperscale Data Plane for Next, Generation Telco Networks. Available online: https:\/\/www.sandvine.com\/hubfs\/Sandvine_Redesign_2019\/Downloads\/2020\/Datasheets\/Network%20Optimization\/Sandvine_DS_Virtual_ActiveLogic.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Lim, H.K., Kim, J.B., Heo, J.S., Kim, K., Hong, Y.G., and Han, Y.H. (2019, January 11\u201313). Packet-based network traffic classification using deep learning. Proceedings of the 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), Okinawa, Japan.","DOI":"10.1109\/ICAIIC.2019.8669045"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Zolotukhin, M., H\u00e4m\u00e4l\u00e4inen, T., Kokkonen, T., and Siltanen, J. (2016, January 16\u201318). Increasing web service availability by detecting application-layer DDoS attacks in encrypted traffic. Proceedings of the 2016 23rd International Conference on Telecommunications (ICT), Thessaloniki, Greece.","DOI":"10.1109\/ICT.2016.7500408"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1145\/2534169.2486011","article-title":"Forwarding metamorphosis: Fast programmable match-action processing in hardware for SDN","volume":"43","author":"Bosshart","year":"2013","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_6","unstructured":"Kim, C. (2016). Programming the Network Dataplane, ACM SIGCOMM."},{"key":"ref_7","unstructured":"Gupta, A., Harrison, R., Canini, M., Feamster, N., Rexford, J., and Willinger, W. (2018, January 20\u201325). Sonata: Query-driven streaming network telemetry. Proceedings of the 2018 conference of the ACM special interest group on data communication, Budapest, Hungary."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1885","DOI":"10.1109\/TNET.2020.3002074","article-title":"Design and Implementation of TCP-Friendly Meters in P4 Switches","volume":"28","author":"Wang","year":"2020","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2688","DOI":"10.1109\/JLT.2020.2966517","article-title":"P4-enabled Smart NIC: Enabling Sliceable and Service-Driven Optical Data Centres","volume":"38","author":"Yan","year":"2020","journal-title":"J. Light. Technol."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Fern\u00e1ndez, C., Gim\u00e9nez, S., Grasa, E., and Bunch, S. (2020). A P4-Enabled RINA Interior Router for Software-Defined Data Centers. Computers, 9.","DOI":"10.3390\/computers9030070"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"e2134","DOI":"10.1002\/nem.2134","article-title":"OpenBNG: Central office network functions on programmable data plane hardware","volume":"31","author":"Kundel","year":"2021","journal-title":"Int. J. Netw. Manag."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/2656877.2656890","article-title":"P4: Programming protocol-independent packet processors","volume":"44","author":"Bosshart","year":"2014","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Hang, Z., Wen, M., Shi, Y., and Zhang, C. (2019). Programming protocol-independent packet processors high-level programming (P4HLP): Towards unified high-level programming for a commodity programmable switch. Electronics, 8.","DOI":"10.3390\/electronics8090958"},{"key":"ref_14","unstructured":"The P4.org Applications Working Group (2021, March 10). In-Band Network Telemetry (INT) Data Plane Specification. Available online: https:\/\/github.com\/p4lang\/p4-applications\/blob\/master\/docs\/INT_v2_1.pdf."},{"key":"ref_15","unstructured":"The P4 Language Consortium (2021, March 15). Getting Started with P4 Language. Available online: https:\/\/p4.org\/p4\/getting-started-with-p4.html."},{"key":"ref_16","unstructured":"Parol, P. (2021, March 21). P4 Network Programming Language\u2014What Is It All About?. Available online: https:\/\/codilime.com\/p4-network-programming-language-what-is-it-all-about\/."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Sgambelluri, A., Paolucci, F., Giorgetti, A., Scano, D., and Cugini, F. (2020, January 19\u201323). Exploiting telemetry in multi-layer networks. Proceedings of the 2020 22nd International Conference on Transparent Optical Networks (ICTON), Bari, Italy.","DOI":"10.1109\/ICTON51198.2020.9203310"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Sari, A., Lekidis, A., and Butun, I. (2020). Industrial networks and IIoT: Now and future trends. Industrial IoT, Springer.","DOI":"10.1007\/978-3-030-42500-5_1"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Butun, I., Almgren, M., Gulisano, V., and Papatriantafilou, M. (2020). Intrusion Detection in Industrial Networks via Data Streaming. Industrial IoT, Springer.","DOI":"10.1007\/978-3-030-42500-5_6"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1145\/2934664","article-title":"Apache Spark: A Unified Engine for Big Data Processing","volume":"59","author":"Zaharia","year":"2016","journal-title":"Commun. ACM"},{"key":"ref_21","unstructured":"Apache Foundation (2021, February 13). Apache Flink - Stateful Computations over Data Streams. Available online: https:\/\/flink.apache.org\/."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1353","DOI":"10.1587\/transcom.2015EBP3467","article-title":"Subscriber Profiling for Connection Service Providers by Considering Individuals and Different Timeframes","volume":"E99.B","author":"Oztoprak","year":"2016","journal-title":"IEICE Trans. Commun."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Oztoprak, K. (November, January 29). Profiling subscribers according to their internet usage characteristics and behaviors. Proceedings of the 2015 IEEE International Conference on Big Data (Big Data), Santa Clara, CA, USA.","DOI":"10.1109\/BigData.2015.7363912"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Hakak, S., and Ghorbani, A. (2019, January 1\u20133). Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy. Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India.","DOI":"10.1109\/CCST.2019.8888419"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Deri, L., Martinelli, M., Bujlow, T., and Cardigliano, A. (2014, January 4\u20138). ndpi: Open-source high-speed deep packet inspection. Proceedings of the 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), Nicosia, Cyprus.","DOI":"10.1109\/IWCMC.2014.6906427"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.comcom.2020.12.016","article-title":"Flow length and size distributions in campus Internet traffic","volume":"167","author":"Jurkiewicz","year":"2021","journal-title":"Comput. Commun."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/23\/8010\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:38:05Z","timestamp":1760168285000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/23\/8010"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,30]]},"references-count":26,"journal-issue":{"issue":"23","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["s21238010"],"URL":"https:\/\/doi.org\/10.3390\/s21238010","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2021,11,30]]}}}