Azn-DPI explains correlated subscriber-aware analytics across 4G and 5G
ASN-DPI combines DPI application identification with real-time correlation between control-plane subscriber data and user-plane traffic, producing per-flow, subscriber-aware analytics across 4G EPC and 5G SA/NSA. The approach targets use cases such as QoE measurement, cell and APN insights, policy inputs, and encrypted-traffic classification for operational and security teams.
Research Overview
The brief frames 4G EPC, 5G standalone, and 5G non-standalone deployments as environments where operators need visibility into both application usage and the subscriber, session, and location behind each flow. It argues that application identification from user-plane DPI alone is insufficient because subscriber identity is carried in the control plane.
It presents ASN-DPI as a correlation layer that links subscriber signaling fields such as IMSI, MSISDN, and IMEI with user-plane sessions that carry the application payload. The goal is subscriber-aware application analytics delivered at line rate using control-to-user-plane correlation.
Key Findings
The brief describes four scenarios showing the gap between DPI-only visibility and correlated subscriber analytics, including questions about which subscriber streams a specific application and the QoE of that subscriber. It states that correlation enables answers that DPI without correlation cannot provide, such as subscriber identity, location context, and flow-level quality metrics.
It also characterizes the “missing link” as the bridge between control-plane signaling (for example, GTP-C and N11/HTTP2) and user-plane traffic (for example, GTP-U). By connecting these two planes, the brief states that raw DPI output becomes actionable subscriber-level intelligence.
Technical Breakdown
The brief defines correlation as linking control-plane signaling information to user-plane data sessions to generate a unified view of subscriber activity. It lists control-plane elements including identity fields, location such as Cell ID and TAC, APN/DNN, and session setup parameters such as TEIDs and bearer IDs.
For user-plane insights, it states that metadata includes application name and category from DPI, traffic volumes, and session quality metrics. It further describes flow-level extraction such as IP, port, and protocol tuples, latency parameters including RTT in nanosecond granularity and jitter, and TCP sequence analysis for packet loss and out-of-order segments.
For encrypted traffic, it describes identification and profiling without payload decryption using fields and signals such as SNI, certificate elements, and fingerprint values including JA3, JA3S, and JA4. It also provides protocol-level metadata examples across HTTP, DNS, DHCP, QUIC, HTTP/2, RTP/SIP, NetBIOS, and TLS/SSL.
Operational Impact
The brief lists subscriber-aware application analytics use cases that depend on correlated flow and subscriber records. It includes per-subscriber application usage analytics, QoE-aware optimization by relating latency, jitter, packet loss, and bandwidth to subscriber and cell-site data, and security and anomaly detection via behavioral patterns tied to subscriber profiles.
Additional stated applications include cell-site aggregation for capacity planning and RAN optimization, feeding correlated analytics into PCRF/PCF policy engines for dynamic QoS management, and device and OS fingerprinting by combining DHCP and TLS/QUIC fingerprints. It also describes TLS/QUIC intelligence for encrypted traffic visibility and DNS intelligence for detecting query patterns such as NXDOMAIN spikes.
On deployment behavior, the brief states ASN-DPI functions as a passive network probe that receives traffic copies from Telco or DC, performs correlation and DPI processing on its side, and exports enriched data. It also states it does not inject traffic back into the network.
Overall, the brief centers on subscriber-aware analytics created by correlating control-plane subscriber identity with user-plane application sessions using DPI and protocol metadata extraction. For enterprise IT, security, and telecom operations leaders, the material frames the approach as a way to connect application classification to subscriber-level QoE, capacity planning inputs, policy enforcement, and encrypted-traffic identification across 4G and 5G environments. Blog Signals brief is a fact-based summary of the vendor blog.