The technology of Deep Packet Inspection (DPI) is well known in the art. In the context of Internet Protocol (IP) networking, it consists in analysing protocol layers 2 to 7 of the OSI model. Each layer contains information related respectively to the link (2), network (3), transport (4), session (5), and application (6 and 7) levels.
A DPI probe is capable of correlating information at the different protocol layers to recognize a specific application or service, and the attributes and parameters that relate to it. For example, a web session based on Hypertext Transfer Protocol (HTTP) at the application layer relies on Transport Control Protocol (TCP) at the transport layer. Contextual information is used by the probe to establish a relation between the HTTP session and the multiple transport TCP protocol exchanges associated to this specific HTTP session.
The probe also relies on contextual information to follow the data flow related to a specific session over its duration. The File Transfer Protocol (FTP) is an example where the use of contextual information is necessary. FTP is an application protocol to transfer data over an IP network. It relies on the TCP protocol for the transport layer. The control session (to establish and control an FTP session between a client and a server) and the data session (to perform the effective data transfer between the client and server) are separated. The control session contains information related to the TCP parameters of the data session. Thus, memorizing contextual information is necessary for the probe to correlate the TCP control and data sessions, which otherwise would appear as two independent TCP sessions.
The aforementioned functionalities constitute what is referred to as a generic DPI probe. It is capable of capturing data related to almost any kind of application or service based on the Internet Protocol. Context information associated to different protocol layers are used to follow the session from its beginning to its end, and extract relevant parameters. The most advanced DPI probes can track a service based on several different IP based applications, involving multiple underlying transport protocol sessions.
However, with a generic DPI probe, a specific device or group of devices cannot be followed over a long time period. This is due to the fact that a DPI probe uses the IP address of the device as its identification. And in many cases, this IP address is not the same over time. In particular, in the context of mobile networks, the IP address allocated to a mobile device for a data session is usually different for each new data session.
Also, a generic probe usually does not take into account the specificities of the IP network in which it is used (for instance, a corporate IP network, an IP based mobile data network, an IP based fixed broadband network). Specifically, part of the signalling IP traffic dedicated to the operation of a mobile data network contains critical information, associated to each device and/or subscription. For instance, in the case of a cellular network: a subscription identifier, a mobile device identifier, a phone number, localization information, among others.
Additionally, in the case of a cellular data network, the DPI probe may be deployed at different points of capture in the network. Thus, part of the information to be captured may be transported over different IP based protocols, depending on the localization of the probe. A generic DPI probe usually does not have the capability to automatically adapt to various points of capture, where the same information is transported via different IP based protocols.
Therefore, there is a need of overcoming the above discussed issues, concerning the limitations of a generic DPI probe focusing on the analysis of IP based data traffic generated by mobile devices on a mobile data network. Accordingly, a method and system for context aware Deep Packet Inspection in IP based mobile data networks are sought.
An object of the present method and system is therefore to provide a context aware DPI for IP based mobile data networks.
The foregoing and other objects, advantages and features of the present method and system will become more apparent upon reading of the following non-restrictive description of any illustrative embodiments thereof, given by way of example only with reference to the accompanying drawings.