Primary data processing for constructing network package classifiers in Deep Packet Inspection analysis and in the intrusion detection systems

We consider the procedure for preprocessing the source packet information in a new method for classifying network packets of the application layer in order to determine their belonging to one of the known network protocols. Packets are classified based on the use of machine learning methods and fuzzy logic algorithms in Network Traffic Analysis (NTA) systems, in “deep” packet analysis (Deep Packet Inspection — DPI), in intrusion detection systems (IDS) and in other systems. To define the protocol, the principle of high-speed one-packet classification is used, which consists in analyzing the information transmitted in each particular packet. Elements of behavioral analysis are used, namely, the transition states of information exchange protocols are classified, which allows to achieve a higher level of accuracy of classification and a higher degree of generalization in new test samples.