US Patent 7944822 System and method for identifying network applications

Embodiments of the invention provide a framework for traffic classification that bridges the gap between the packet content inspection and the flow-based behavioral analysis techniques. In particular, IP packets and/or IP flows are used as an input, network nodes are associated to specific network applications by leveraging information gathered from the web, and packet-level and/or flow-level signatures are extracted in an off-line fashion using clustering and signature extraction algorithms. The signatures learned are systematically exported to a traffic classifier that uses the newly available signatures to classify applications on-the-fly.