TY - JOUR AU - Satrya, Gandeva Bayu AU - Nugroho, Faiizal Eko AU - Brotoharsono, Tri PY - 2017/07/25 Y2 - 2024/03/29 TI - Improving Network Security - A Comparison between nDPI and L7-Filter JF - International Journal on Information and Communication Technology (IJoICT) JA - ijoict VL - 2 IS - 2 SE - Security & Cryptography DO - 10.21108/IJOICT.2016.22.77 UR - https://socj.telkomuniversity.ac.id/ojs/index.php/ijoict/article/view/77 SP - 11 AB - The classification of data traffic in a firewall using parameters such as port number, IP address, and MAC address is not sufficient. For example, currently, many applications can be used without a port number meaning they can easily circumvent a firewall. Firewalls inspecting up to only layer four could allow malicious data to pass. Next-generation deep packet inspection (DPI) is a method that can be used for firewalls as a method of classification up to layer seven in data traffic control.This research recommends the use of nDPI and L7-filter by network administrators on existing open source firewalls. Eleven internet applications were used to test and analyze nDPI and L7-filter which are capable of detecting traffic based on the data signature. nDPI and L7-filter were tested for accuracy and speed. We conclude that the development of next-generation deep packet inspection is important for the future of system and network security. ER -