ASN-DPI details correlated application analytics across 4G and 5G

The vendor blog describes ASN-DPI as a system that correlates telecom control-plane subscriber identifiers with user-plane application traffic to produce subscriber-aware analytics for 4G EPC, 5G NSA, and 5G SA environments. The update matters for enterprise IT and security teams that need per-subscriber application visibility, QoE metrics, and traffic context for optimization and investigations.

Research Overview

The post frames a core limitation of application identification alone in mobile networks: DPI can classify what traffic is present but not which subscriber is generating each flow. It argues that linking control-plane signaling data to user-plane sessions is required to attach identity, location, and session context to application analytics.

It describes ASN-DPI as combining application identification with payload metadata extraction and real-time correlation between control-plane and user-plane data. The stated goal is subscriber-aware application analytics at line rate.

Key Findings

The blog positions correlation as the missing link between subscriber identity fields in the control plane and data sessions in the user plane. It contrasts DPI-only visibility with correlated analytics by using examples such as identifying which subscriber streams a specific application, mapping QoE to a particular subscriber, and aggregating usage by cell-site and APN.

It also describes how ASN-DPI extracts enriched per-flow metadata, including latency parameters and TCP sequence information, then pairs those details with subscriber and location context. The blog further states that the system exports enriched data and functions as a passive probe without injecting traffic.

Technical Breakdown

The post defines correlation as linking subscriber signaling information from the control plane with data sessions from the user plane to produce a unified view of subscriber activity. It lists control-plane inputs such as IMSI, MSISDN, IMEI, cell identifiers, APN/DNN, and session setup parameters, then matches them to user-plane insights such as applications, data transfer volumes, and session quality.

For per-flow insights, it describes extracted categories including user information (subscriber identity and location), flow information (IP, port, protocol, and session tracking elements), flow latency parameters (RTT granularity and jitter), and flow sequence tracking using TCP sequence analysis for packet loss or out-of-order segments. It also states the DPI engine extracts application name and category, and captures server name and SNI for encrypted payloads, including OTT, game names, and game servers.

Operational Impact and Use Cases

The blog lists subscriber-aware analytics use cases that combine DPI application identification with correlation, including per-subscriber application usage analytics, QoE-aware network optimization, and security or anomaly detection based on subscriber profiles and application behavior patterns. It also describes cell-site application analytics for aggregating correlated data by cell identifiers and application demand distribution.

Additional operational scenarios include feeding correlated application analytics into PCRF/PCF policy engines for QoS management, using TLS and QUIC intelligence to infer service identity without decrypting payloads, and performing device and OS fingerprinting using DHCP signals, user-agent data, and TLS/QUIC fingerprints. The post also describes OTT service breakdown and CDN mapping using HTTP host, TLS SNI, and QUIC transport identifiers, along with DNS intelligence for domain access patterns and query behavior.

It states ASN-DPI supports mixed and evolving telecom architectures by parsing GTPv2-C for 4G control signaling, N11 over HTTP/2 for 5G SA, and RADIUS alongside these. It further specifies that encrypted traffic identification relies on fingerprinting techniques such as JA3, JA3S, and JA4, plus metadata such as SNI, TLS certificate fields, QUIC transport parameters, and connection IDs.

Overall, the blog presents ASN-DPI as a correlation-first approach that attaches subscriber and session context to DPI-derived application and protocol metadata across 4G and 5G architectures. This “Blog Signals brief” is a fact-based summary of the vendor blog for enterprise decision-makers evaluating subscriber-aware visibility, QoE analytics, and security-relevant traffic context.