Network fingerprinting is an emerging classification and filtering process that uses standard flow protocols to extract and enrich traffic records for analytics purposes. The process uses both public and private enrichment resources to create a modular, templated framework for use by automated machine learning (ML) and artificial intelligence (AI) systems. The goal is to create a predictive, proactive and forecast-ready system for analysis of network traffic, including its evolving diversity.
Through flexible templating, network fingerprinting enables a system to rapidly identify destination bottlenecks, detect anomalies within traffic flows and even recommend package adjustments. This approach requires no deep packet inspection; it relies on flow-record and packet metadata to store and enrich existing flow sources. Separating enrichment from the ML and AI techniques supports homegrown solutions such as forecasting or monitoring, while also allowing additional open-source models to be used for quick deployment and rapid time to value. This flexibility is designed to enable use cases across a variety of network, threat assessment and quality-of-service spaces, and includes models to address proactive network management, self-healing actions (platform-to-network connections), anomaly detection, traffic monitoring, customer churn and capacity management.
The following sections introduce the basic elements needed for network fingerprinting and classification, and demonstrate possible outcomes when those resources are applied in traffic flow environments. The processes outlined focus on enrichment and augmentation, using standard traffic flow protocols at a software layer without the need for specific network inspection hardware.