Overview
Exinda's DPI engine uses a variety of detection techniques, including flow tracking, byte pattern matching and behavioral analysis, to detect encrypted traffic.
1. Pattern Matching
- A simple check for recurring strings and numbers inside IP packets, which are compared to known patterns.
- The engine checks not only packet sizes but also the order of different packet sizes within an IP flow, while tracking subscriber and host information.
- Examines common appearances, such as recurring byte order or metadata, within an IP flow.
- In most cases, there are many different checks to ensure a reliable classification result.
- A set of specific requirements must be fulfilled for a classification result.
By combining these techniques, the Exinda DPI engine reliably detects encrypted protocols with a very low false negative rate and virtually no false positives.
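The following added example (not Exinda's code) sketches how a classifier can track flows and require several checks together: a byte pattern at the start of the flow plus the order of packet sizes. The signature, class and function names, addresses and sample payloads are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Signature:
    name: str
    prefix: bytes       # byte pattern required at the start of the first payload
    size_ranges: list   # ordered (min, max) payload sizes for the first packets

@dataclass
class FlowState:
    first_payload: bytes = b""
    sizes: list = field(default_factory=list)

# Constructed signature for illustration; not a real Exinda rule.
SIGNATURES = [Signature("example-encrypted-proto", b"\x16\x03",
                        [(100, 600), (1000, 1500), (40, 200)])]

class FlowClassifier:
    def __init__(self, signatures):
        self.signatures = signatures
        self.flows = defaultdict(FlowState)   # per-flow tracking state

    def observe(self, flow_key, payload):
        """Record one packet; return a label only when every check passes."""
        state = self.flows[flow_key]
        if not state.sizes:
            state.first_payload = payload
        state.sizes.append(len(payload))
        for sig in self.signatures:
            if len(state.sizes) < len(sig.size_ranges):
                continue                      # too few packets to decide
            pattern_ok = state.first_payload.startswith(sig.prefix)
            order_ok = all(lo <= size <= hi for size, (lo, hi)
                           in zip(state.sizes, sig.size_ranges))
            if pattern_ok and order_ok:       # all requirements must hold
                return sig.name
        return None

def classify_flow(payloads, key=("10.0.0.5", 40000, "203.0.113.9", 443, "tcp")):
    """Feed constructed payloads for one flow and return the final label."""
    clf, label = FlowClassifier(SIGNATURES), None
    for p in payloads:
        label = clf.observe(key, p)
    return label

hello = b"\x16\x03\x01".ljust(300, b"\x00")   # constructed sample packets
big, small = b"\xaa" * 1200, b"\xbb" * 100
```

A flow with the right byte pattern but the wrong packet-size order, or the right order but the wrong byte pattern, stays unclassified.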