A computer network typically includes a collection of interconnected computing devices that exchange data and share resources. The devices may include, for example, web servers, database servers, file servers, routers, printers, end-user computers and other devices. The variety of devices may execute a myriad of different services and communication protocols. Each of the different services and communication protocols exposes the network to different security vulnerabilities.
In a typical network deployment, multiple next generation firewall (NGFW) devices may be deployed. Each NGFW device may process voluminous amounts of network traffic separately. Network traffic belongs to various applications running over different transport mediums (TCP/UDP/HTTP, and the like). The NGFW devices individually process the traffic and apply dynamic application classification algorithms to classify applications. In various non-limiting example use cases, the NGFW devices may perform application classification with respect to peer-to-peer (P2P) applications. In general, each NGFW network device separately performs the application classification, stores the data required for classification, and performs the policy enforcement. In many scenarios, P2P applications, such as BitTorrent®, eDonkey, Ares, Mute, Skype®, Gnutella, Directconnect, and QVOD, are used for content delivery and for downloading and sharing files, video files, audio files, and the like. In turn, such P2P applications tend to consume large amounts of network bandwidth. The algorithms used by NGFW devices to classify such P2P applications are complex and central processing unit (CPU) intensive, in that the algorithms may consume significant amounts of CPU clock cycles.