1. Field of the Invention
The present invention relates generally to network traffic management, and more particularly but not exclusively to methods and apparatus for classifying network applications.
2. Description of the Background Art
Deep Packet Inspection (DPI) is a technology that allows a network appliance or firewall to manage network activities by analyzing packet payloads. Compared to a traditional firewall, DPI provides more powerful features, such as layer 7 application control and non-IP (Internet Protocol)/port based protocol classification. Network appliances with a DPI engine are commercially available from Trend Micro, Inc., for example.
An important feature of DPI engines is protocol and network application classification by payload analysis. Protocol and network classification allows a DPI engine to classify network traffic, and enforce policies on the network traffic based on its classification. Unfortunately, protocol and network application classification by payload analysis only works well when the payload is not obfuscated, such as by encryption or encoding using an unknown algorithm. Without proper correlation about overall network behavior, protocol and network application classification may not even be feasible when the packet payloads are obfuscated.