1. Field of the Invention
The present invention relates to computers and computer networks. More particularly, the invention relates to profiling Internet traffic flows to identify network applications responsible for the traffic flows.
2. Background of the Related Art
There has been an increase in the use of UDP-based binary protocols to carry not only control messages but also data. Examples of UDP-based binary protocols include RTP, RTCP, DNS, etc. Since UDP is not connection-oriented, the application header must be carried in every packet. Unlike plain-text protocols (e.g., HTTP, SMTP), the fields in the application header of UDP flows (i.e., flows originating from UDP-based binary protocols) are separated by bit chunks as opposed to string words. Current proposals to identify UDP-based binary protocols are not practical, either because they require UDP flows to be long or because they require heavy reverse engineering, such as traditional Deep Packet Inspection (DPI). Keeping up with the number of applications that come up every day is impractical due to the laborious manual reverse engineering process. Reverse engineering all these applications in a timely manner requires a huge manual effort. As a consequence, keeping a comprehensive and up-to-date list of application signatures is infeasible.