The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
A wide variety of network services are commonly used in both enterprise and private computer network environments. However, network administrators often have difficulty tracking which services are active on a network, including whether the services violate administration policies or introduce security issues. For example, malicious services may run on one or more computing devices without the knowledge of a user. Different services produce different types of traffic and a large variety of different data, further complicating service detection.
One method of keeping updated records of the services running in a network is to prevent the installation of software on each network node by non-administrator users. However, this method may be unduly restrictive and may not be entirely possible. Another method for detecting services is to perform deep packet inspection on all network traffic. However, deep packet inspection may be considered an invasion of privacy, and may not work for encrypted data. Furthermore, deep packet inspection is computationally expensive due to the need to inspect each packet, leading to a lack of scalability as the network grows or as network traffic increases.