Deep Packet Inspection
Deep Packet Inspection (DPI) is a highly effective network analysis technology. In contrast to the conventional analysis tools generally used in virus scanners, firewalls, etc., DPI is not limited to analyzing the metadata of a data packet. This metadata generally includes only the sender, the recipient and, if applicable, a URL or domain. In addition to the metadata, Deep Packet Inspection also analyzes the communication that is sent in the data packets; that is, the actual contents are read out and checked.
For an email, this would be, for example, the email text and attached files. In industrial control systems (ICS), DPI makes visible the operational commands contained in a data packet, thus achieving 100 % transparency over the communication in a network. Deep Packet Inspection is therefore also the basis for effective anomaly detection in ICS, since it allows the detection of even the smallest deviations (anomalies) in the recurring communication patterns of an industrial control system.
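
As an added illustration that is not part of the original article, the sketch below contrasts a metadata-only view with payload inspection on a small constructed ICS capture and flags a command that deviates from the recurring pattern. It assumes Modbus/TCP as the control protocol (the article names none); the addresses, frames and function names are constructed for the example.

```python
import struct
from collections import namedtuple

# src/dst are the packet metadata; payload is the content that DPI reads.
Packet = namedtuple("Packet", "src dst payload")

def modbus_frame(unit, func, addr, value, tid=1):
    """Build a constructed Modbus/TCP request (MBAP header + PDU)."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def metadata_view(packets):
    """What a metadata-only tool sees: sender and recipient."""
    return {(p.src, p.dst) for p in packets}

def inspect(packet):
    """Deep inspection: decode the operational command in the payload."""
    data = packet.payload
    if len(data) < 8:
        return None  # too short for MBAP header plus function code
    _tid, proto, length, unit = struct.unpack(">HHHB", data[:7])
    if proto != 0 or length != len(data) - 6:
        return None  # not a well-formed Modbus/TCP frame
    func = data[7]
    addr = struct.unpack(">H", data[8:10])[0] if len(data) >= 10 else None
    return (packet.src, packet.dst, unit, func, addr)

def learn_baseline(packets):
    """Record the recurring commands seen during normal operation."""
    return {cmd for cmd in map(inspect, packets) if cmd is not None}

def find_anomalies(baseline, packets):
    """Return (packet, reason) for every command outside the baseline."""
    found = []
    for p in packets:
        cmd = inspect(p)
        if cmd is None:
            found.append((p, "payload could not be decoded"))
        elif cmd not in baseline:
            found.append((p, "new command: unit=%d func=%d addr=%s" % cmd[2:]))
    return found

HMI, PLC = "10.0.0.5", "10.0.0.20"  # constructed addresses
# Constructed training traffic: the HMI polls holding registers (function 3).
TRAINING = [Packet(HMI, PLC, modbus_frame(1, 3, 100, 2)) for _ in range(3)]
# Constructed live traffic: same endpoints, but the second frame is a
# register write (function 6), which the metadata alone cannot reveal.
LIVE = [Packet(HMI, PLC, modbus_frame(1, 3, 100, 2)),
        Packet(HMI, PLC, modbus_frame(1, 6, 100, 9999))]
```

Both captures have identical metadata, so only the decoded command separates the recurring read from the write.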