Abstract: An application detection architecture and related techniques are provided for detecting, identifying, and managing network-based applications. In various embodiments, a combined layered approach to application detection and various application-detection techniques provide for quick assessments that move from simplest to complex for rapid detection of unauthorized or misbehaving applications in communication with one or more computer networks. This layering, in some embodiments, further provides scalability and speed for determining and implementing policies that may be applicable to detected network-based application, users, groups, or devices associated with unauthorized network-based applications sending or receiving data via a computer network.

Abstract: In various embodiments, a data-driven model is provided for an application detection engine for the detection and identification of network-based applications. In one embodiment, information can be input into an application detection database. The information may include a hostname, ports, transport protocol (TCP/UDP), higher layer protocol (SOCKS, HTTP, SMTP, FTP, etc), or the like. The information may be associated with a given application. The information may be used to create rule sets or custom program logic used by one or more various application detection engines for determining whether network traffic has been initiated by a given application. The information may be dynamically loaded and updated at the application detection engine.

Abstract: In various embodiments, techniques can be provided for identifying and filtering network resources. The filtering may occur not only on the type of network traffic (e.g., HTTP traffic) but also with resources identified by the network traffic. In some embodiments, one or more hash functions may be used to facilitate the identification, searching, and matching of network resources. The network resources may be identified as a unique domain, unique network host, unique URL, or the like.

Abstract: An application detection architecture and related techniques are provided for detecting, identifying, and managing network-based applications. In various embodiments, a combined layered approach to application detection and various application-detection techniques provide for quick assessments that move from simplest to complex for rapid detection of unauthorized or misbehaving applications in communication with one or more computer networks. This layering, in some embodiments, further provides scalability and speed for determining and implementing policies that may be applicable to detected network-based application, users, groups, or devices associated with unauthorized network-based applications sending or receiving data via a computer network.

Abstract: In various embodiments, a data-driven model is provided for an application detection engine for the detection and identification of network-based applications. In one embodiment, information can be input into an application detection database. The information may include a hostname, ports, transport protocol (TCP/UDP), higher layer protocol (SOCKS, HTTP, SMTP, FTP, etc), or the like. The information may be associated with a given application. The information may be used to create rule sets or custom program logic used by one or more various application detection engines for determining whether network traffic has been initiated by a given application. The information may be dynamically loaded and updated at the application detection engine.

Abstract: In various embodiments, techniques can be provided for identifying and filtering network resources. The filtering may occur not only on the type of network traffic (e.g., HTTP traffic) but also with resources identified by the network traffic. In some embodiments, one or more hash functions may be used to facilitate the identification, searching, and matching of network resources. The network resources may be identified as a unique domain, unique network host, unique URL, or the like.