Application Identification
What Is Application Identification?
As the Internet evolves rapidly, a multitude of applications have emerged, ranging from web browsing, email, and FTP downloads to P2P applications, games, videos, and mobile connectivity.
Accurately identifying and effectively controlling the traffic of various applications poses a significant challenge for network administrators. Traditional application identification methods rely on protocols and port numbers, which are insufficient for refined control as applications become more complex. To overcome this limitation, service awareness (SA) application identification has been introduced.
SA application identification entails the extraction and matching of application signatures. It extracts specific packet fields or behavioral signatures and matches them with the SA signature database to identify applications. This technology allows for more precise application identification, enabling network administrators to effectively manage and control application traffic.
Three Mainstream Technologies of Application Identification
Presently, SA application identification technologies can be classified into the following categories:
Signature-based identification
This serves as the foundational technology for SA application identification. It detects applications by examining the application signatures embedded within packets.
Different applications typically employ distinct protocols, each with its own set of unique signatures. These signatures may manifest as specific ports, character strings, or bit sequences. In addition to analyzing the traditional 5-tuple of a packet (source and destination IP address, source and destination port, and protocol), signature-based identification also inspects the application-layer data within packets to extract additional signatures for application identification.
Certain application protocol signatures span across multiple packets rather than residing solely within a single packet. In such instances, it becomes necessary to gather and analyze the signatures from multiple packets in order to accurately identify applications.
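The following Python sketch is an added example, not vendor code. It shows why a per-packet matcher misses a signature that is split across two packets, and how keeping a short per-flow tail buffer recovers it. The three-entry signature table, the flow tuple and the sample payloads are constructed, and in-order delivery is assumed.

```python
# Constructed, tiny signature table; a real SA signature database is far larger.
SIGNATURES = {
    "BitTorrent": b"\x13BitTorrent protocol",
    "SSH": b"SSH-2.0-",
    "HTTP": b"HTTP/1.1",
}
MAX_SIG = max(len(s) for s in SIGNATURES.values())

def match_single_packet(payload):
    """Naive matcher: inspects one payload in isolation."""
    for app, sig in SIGNATURES.items():
        if sig in payload:
            return app
    return None

class FlowMatcher:
    """Keeps the last MAX_SIG-1 bytes per flow so that a signature
    straddling a packet boundary is still matched."""
    def __init__(self):
        self.tails = {}   # 5-tuple -> trailing bytes of earlier payloads
        self.labels = {}  # 5-tuple -> identified application

    def feed(self, flow, payload):
        if flow in self.labels:            # flow already identified
            return self.labels[flow]
        window = self.tails.get(flow, b"") + payload
        app = match_single_packet(window)
        if app:
            self.labels[flow] = app
            self.tails.pop(flow, None)     # buffer no longer needed
        else:
            self.tails[flow] = window[-(MAX_SIG - 1):]
        return app

def identify(flow, packets):
    """Return (per-packet result, per-flow result) for in-order payloads."""
    naive = next((a for a in map(match_single_packet, packets) if a), None)
    matcher, stateful = FlowMatcher(), None
    for payload in packets:
        stateful = matcher.feed(flow, payload) or stateful
    return naive, stateful

# Constructed sample: a BitTorrent handshake split across two TCP segments.
FLOW = ("10.0.0.5", 51000, "203.0.113.9", 6881, "tcp")
SPLIT = [b"\x13BitTor", b"rent protocol\x00\x00\x00\x00"]

if __name__ == "__main__":
    print(identify(FLOW, SPLIT))
```

The buffer is bounded by the longest signature, so memory per unidentified flow stays constant regardless of how much traffic the flow carries.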
Correlation-based identification
This method is primarily utilized for identifying applications based on multi-channel protocols.
An increasing number of applications employ multi-channel protocols to transmit voice, video, and files. These protocols, such as FTP, SIP, and H.323, utilize separate control and data channels. Specifically, control channels are used to negotiate communication parameters (such as port information) to establish data channels, which, in turn, facilitate the transmission of service data. Because data channels are negotiated dynamically, they carry no identifiable signatures of their own; signature identification can identify the application only on the control channel.
Correlation identification relies on signature identification to identify the applications carried by control channel packets. Additionally, data channel information is extracted from control channel packets and recorded in an application identification association table. Subsequently, data channel packets are identified using the association table, and they are labeled with the corresponding applications. This approach enables the identification of applications from multi-channel protocol packets.
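The following Python sketch is an added example, not vendor code. It applies the correlation steps above to FTP: the control channel is identified by signature, the data endpoint from a 227 passive-mode reply or PORT command is stored in an association table, and later data-channel packets are labeled by table lookup. The class name, labels and trace are constructed, and the check that the advertised address equals the sender's address is an assumed hardening choice that would need adjusting behind NAT.

```python
import re

# FTP control-channel patterns: 227 passive-mode reply and PORT command.
EP = rb"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"
PASV_RE = re.compile(rb"^227 [^\r\n]*\(" + EP + rb"\)", re.M)
PORT_RE = re.compile(rb"^PORT " + EP + rb"\r?$", re.M)
CTRL_RE = re.compile(rb"^(220[ -]|USER |PASS |PASV\r?$|PORT |227 )", re.M)

class Correlator:
    def __init__(self):
        self.assoc = {}          # negotiated (ip, port) -> application label
        self.ctrl_flows = set()  # flows already identified as FTP control

    def classify(self, src, sport, dst, dport, payload=b""):
        # Step 1: association table lookup labels data-channel packets in
        # either direction, although they carry no signature themselves.
        for ep in ((dst, dport), (src, sport)):
            if ep in self.assoc:
                return self.assoc[ep]
        # Step 2: signature identification of the control channel.
        flow = frozenset([(src, sport), (dst, dport)])
        if flow not in self.ctrl_flows and not CTRL_RE.search(payload):
            return None
        self.ctrl_flows.add(flow)
        # Step 3: extract the negotiated data endpoint and record it.
        m = PASV_RE.search(payload) or PORT_RE.search(payload)
        if m:
            n = [int(x) for x in m.groups()]
            ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
            # Assumed hardening: only accept an endpoint on the sender itself.
            if max(n) <= 255 and ip == src:
                self.assoc[(ip, port)] = "FTP-data"
        return "FTP"

# Constructed trace: (src, sport, dst, dport, payload)
TRACE = [
    ("10.0.0.5", 40000, "198.51.100.7", 21, b"USER anonymous\r\n"),
    ("10.0.0.5", 40000, "198.51.100.7", 21, b"PASV\r\n"),
    ("198.51.100.7", 21, "10.0.0.5", 40000,
     b"227 Entering Passive Mode (198,51,100,7,195,80)\r\n"),
    ("10.0.0.5", 40001, "198.51.100.7", 50000, b"\x89binary file bytes"),
    ("198.51.100.7", 50000, "10.0.0.5", 40001, b"\x00\x01\x02"),
    ("10.0.0.5", 40002, "198.51.100.7", 50001, b"\x00\x01\x02"),
]

def label_trace(trace):
    c = Correlator()
    return [c.classify(*pkt) for pkt in trace]
```

A production association table would also expire entries after the data connection closes or a timeout elapses, so that a stale entry does not label unrelated traffic that later reuses the same port.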
Behavior-based identification
This technology is more intricate compared to the previous two methods.
Certain complex applications on the Internet pose challenges when it comes to identification using signature keywords. Moreover, many encrypted applications cannot be identified due to obfuscated signatures resulting from data encryption. Conventional signature identification technologies are inadequate in identifying such complex applications solely based on traditional signatures. Behavior identification, on the other hand, can identify applications carried within packets by extracting behavior signatures, which vary across different applications. Accurate application identification requires the collection and analysis of a substantial number of traffic samples to extract unique behavior signatures.
Behavior signatures typically encompass factors such as the ratio between upstream and downstream traffic, packet transmission intervals, and patterns of packet length changes. Behavior identification technology achieves precise application identification by thoroughly examining and selecting multiple behavior signatures.
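The following Python sketch is an added example, not vendor code. It computes the three behavior signatures named above (upstream/downstream ratio, packet interval, packet length variation) from packet metadata only, so it works without reading payloads. The profile names, thresholds, minimum sample size and sample flows are constructed for illustration and are not taken from any real signature database.

```python
from statistics import mean, pstdev

def behavior_signature(packets):
    """packets: list of (timestamp_s, direction, length); direction is
    'up' or 'down'. No payload bytes are needed."""
    up = sum(length for _, d, length in packets if d == "up")
    down = sum(length for _, d, length in packets if d == "down")
    times = [t for t, _, _ in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "up_down_ratio": round(up / down, 3) if down else float("inf"),
        "mean_interval": round(mean(gaps), 3) if gaps else 0.0,
        "length_stdev": round(pstdev(length for _, _, length in packets), 1),
    }

# Constructed profiles: (label, predicate over the signature dict).
PROFILES = [
    ("bulk-download",
     lambda s: s["up_down_ratio"] < 0.1 and s["mean_interval"] < 0.05),
    ("interactive",
     lambda s: 0.5 <= s["up_down_ratio"] <= 2.0 and s["length_stdev"] < 100),
]

def classify_flow(packets, min_packets=8):
    """Return a label, or None when the flow is too short to judge or
    matches no profile."""
    if len(packets) < min_packets:
        return None
    sig = behavior_signature(packets)
    for label, matches in PROFILES:
        if matches(sig):
            return label
    return None

# Constructed flows: large downstream segments with small upstream ACKs,
# and a slow exchange of small packets in both directions.
DOWNLOAD = [(i * 0.01, "up" if i % 3 == 0 else "down",
             60 if i % 3 == 0 else 1460) for i in range(12)]
INTERACTIVE = [(i * 0.2, "up" if i % 2 == 0 else "down",
                80 if i % 2 == 0 else 120) for i in range(10)]

if __name__ == "__main__":
    print(classify_flow(DOWNLOAD), classify_flow(INTERACTIVE))
```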
Different identification technologies apply to different protocol types and are not interchangeable. Typically, a combination of multiple technologies is employed to achieve optimal identification.
What Are the Application Control Methods Based on Application Identification?
The purpose of application identification is not simply to identify applications, but rather to enable the implementation of different control policies for each application, catering to specific control requirements. Currently, the following application control methods are commonly employed:
- Application-based access control: This method allows or restricts user access to specific applications. For instance, it permits users to access applications related to office work while prohibiting access to video or gaming applications that may hamper productivity.
- Application-based bandwidth management: This approach involves limiting the bandwidth available to users for accessing particular applications. For example, it may restrict the bandwidth for video or gaming applications to 100 Mbit/s while ensuring that office-related applications receive a bandwidth allocation of 200 Mbit/s.
- Application-based intelligent link selection: In this method, users are directed to access certain applications through designated links. For instance, office-related applications may be accessed via high-speed links, while video or gaming applications are routed through lower-speed links. This ensures optimized network performance based on the specific requirements of each application.