This section is intended to introduce the reader to various aspects of the art that may be related to various aspects of the present invention. The following discussion is intended to provide information to facilitate a better understanding of the present invention. Accordingly, it should be understood that statements in the following discussion are to be read in this light, and not as admissions of prior art.
The IP-CAN sits between RAN (Radio Access Network) and the CN (Core Network), connecting access-side signaling to the service controls in the core. PCC architecture could take decision according to the type of IP-CAN used. This scenario is depicted in FIG. 10 (please check 3GPP TS 23.203 V9.4. FIG. 5.1.1).
FIG. 10 shows a policy and charging control architecture.                PCRF (Policy and Charging Rules Function) is a functional element that performs policy control decision and flow based charging control. The PCRF provides network control regarding the service data flow detection, gating, QoS and flow based charging (except credit management) towards the PCEF.        PCEF (Policy Control Enforcement Function) encompasses service data flow detection, policy enforcement and flow based charging functionalities, DPI (Deep Packet Inspection), embedded in PCEF, technology supports packet inspection and service classification, which consists on IP packets classified according to a configured tree of rules so that they are assigned to a particular service session.        The Gx reference point is defined in 3GPP TS 29.212 and ties between the Policy and Charging Rule Function (PCRF) and the Policy and Charging Enforcement Function (PCEF).        
DPI technology offers two types of analysis:                Shallow packet inspection: extracts basic protocol information such as IP addresses source, destination) and other low-level connection states. This information typically resides in the packet header itself and consequently reveals the principal communication intent.        Deep Packet Inspection (DPI): provides application awareness. This is achieved by analyzing the content in both the packet header and the payload over a series of packet transactions. There are several possible methods of analysis used to identify and classify applications and protocols that are grouped into signatures. One of them is heuristic signatures which it is related with the behavioral analysis of the user traffic.        
In regard to problems with existing solutions, although a heuristic analysis is developed with the intention to uniquely and completely identify its related application or protocol, there are some cases in which the signature is not robust (weak signature) and classification problems arise. Each time a user is connected to the network and generates traffic, PCEF with deep packet inspection tries to analyze each packet and inspect searching for each possible protocol. It has the following drawbacks:                Number of new protocols and applications increases every year, consequently the current detection protocol mechanisms should change according to the state of the art of the internet protocols in a dynamic way.        The probability of incorrect protocol detection increases as a consequence of the new protocols and applications increment every year.        Real time protocol or applications are slowed because Deep packet inspection has to be done and the DPI functionality is CPU intensive.        