Computer-network providers and/or operators face many challenges in delivering network services to customers or partners. Not the least of these involves tailoring the overall system so that the nodes actually routing and switching data among servers, end users and intermediate stations are optimized for the devices originating and receiving the data. Determining how much network traffic is attributable to particular types of devices—e.g., “smart” phones and tablets, mobile routers, limited-feature phones, etc.—allows network operators to dynamically alter traffic policies in order to reduce network congestion. Device type detection can also be used for security purposes (e.g., to enable device-level authorization) and to prevent improper “tethering,” i.e., using a device such as a smart phone as a broadband connection for other devices such as laptops, netbooks or other smart phones.
Wireless devices may be identified using a “type allocation code” (TAC). These codes identify specific device types and are maintained in large databases, which are constantly expanding as new devices enter the market with new TACs. As a consequence, even exhaustive TAC databases are often out of date with respect to the newest devices, since database updates are expensive and therefore do not occur as frequently as might be desirable. Moreover, TAC databases are often accessed on an offline basis, which increases the likelihood they will be out of date. And thinly marketed or “gray market” devices may not comply with TAC-allocation procedures, and so never receive TACs.
At least for purposes of network diagnostics, it is often sufficient to establish the general type of device, and for many applications just knowing whether a device is a smart phone may suffice. To classify unknown devices, many existing systems utilize “fingerprinting” techniques that infer a device type based on measurable characteristics of traffic produced by the device. In a packet-switched network, in which small units of data called packets are routed through the network based on a destination address contained within each packet, these systems may capture packets at an intermediate node between the originating device to be identified and the destination, and measure properties of the captured traffic such as packet inter-arrival time. Particular value ranges (“fingerprints”) of these properties may be known in advance to be associated with a certain type of device, enabling it to be identified. Where such associations are absent, they may be generated by analysis of traffic known to originate with a particular type of device.
This approach requires active database management analogous to that required to maintain TAC databases: fingerprints are established for particular devices by analyzing them individually, and the resulting parameter values are then introduced into a fingerprint database (which, again, is analogous to a TAC database). What is needed, however, is a way of classifying devices in a fully automated manner and without advance knowledge of device characteristics.