Validating Application Detection Signatures

In the new world of next-generation networks, pretty much every leading network equipment manufacturer (NEM) today has application-awareness built into their products. Whether it’s an application firewall, serving gateway or edge router, they’re all using deep packet inspection (DPI) to look deep into the network traffic to identify the specific application.

For example, Cisco has Application Visibility & Control, Juniper has AppSecure, Palo Alto Networks has App-ID, Sandvine has Traffic Identification and Tellabs has Application Identification.

Each vendor has their own proprietary database comprised of hundreds or thousands of application signatures and on finding a match, their system can then take action based on the defined policy (e.g. block an application, apply QoS, etc…)

Before these new application signatures are released however, testing is needed to ensure the accuracy of the detection. One of the major challenges is to avoid the false positive, in which an application is misclassified.

The problem with today’s approach

All of the NEMs we speak to are tackling this problem today with brute force. Their signature testing process is characterized as follows:

  • Install the app on the required PC or mobile device
  • Perform different operations on the app and capture the subsequent network traffic
  • Replay the pcap against the product (using tools like Tcpreplay)
  • Verify whether the product correctly detects the application

Now, when you’re dealing with a growing list of 1,000s of new and updated applications as well as different endpoints, the number of testing permutations grows exponentially.

For example, Skype has a new version on average every 6 weeks on one or more platforms. And its network footprint can vary based on the platform on which it’s running and the activity the user is performing (e.g., voice, video, chat, desktop sharing).

Also, the relatively static replay of the pcaps doesn’t always provide a stateful recreation to trigger the application detection engine. The bottom line is that this manual approach simply doesn’t scale.

Automated signature detection testing to the rescue

At Spirent (formerly Mu Dynamics), we’re introducing new capabilities to help the vendors automate their signature detection testing. With Spirent (formerly Mu) Studio Performance and the Spirent (formerly Mu) TestCloud store, we provide an ongoing stream of new application tests that accurately recreate these apps in the lab. And using the “Audit Mode” capability, you can now run every single one of these tests sequentially and automatically for complete lights-out testing.

So whether you’re running a nightly build or a full-blown system test, you can now streamline the process – reduce the testing time for application signatures, improve the quality of the app detection, and more efficiently utilize your testing team members.


Spirent (formerly Mu) Studio Performance allows the automatic replay of every application test for lights-out signature detection testing

comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.