Your network is information
The data traveling over IP networks provides a wealth of information ready to be exploited in a great variety of ways. The strength of the Qosmos technology lies in its unrivalled ability to extract all application data contained in IP flows and to make this information relevant to your business needs.
Qosmos Network Information eXtraction Technology
Through its unique network information eXtraction (iX) technology, Qosmos empowers the development of a large range of intelligent applications, through the real-time extraction of key data traveling over IP networks. For examples of applications enabled by Qosmos, click here.
Based on Qosmos network information eXtraction technology, Qosmos products include:
- A Software Development Kit, Qosmos ixEngine, used by Network Equipment Providers, Telecom Equipment Manufacturers, and Software or Solutions Vendors, to integrate Information eXtraction features into their products.
- A complete range of appliances, Qosmos ixMachine, used by System Integrators to feed third party systems with highly specified, valuable information.
Unrivalled Protocol and Application Recognition
Modern applications use communication protocols that are increasingly complex, and that are even by design difficult to analyze. The extremely high traffic detection rate of the Qosmos technology is due to the fact that the analysis carried out by Qosmos patented algorithms is performed on the totality of IP flows rather than packet by packet.
The grammar of network flows: Semantic and syntactical analysis
Qosmos iX technology carries out comprehensive stateful analysis of bi-directional flows, up to and including layer 7.
The grammar of network flows: Semantic and syntactical analysis
Qosmos iX technology carries out comprehensive stateful analysis of bi-directional flows, up to and including layer 7.
Replacing traditional pattern matching techniques, whereby each packet is analyzed based on well known pre-ordained rules – rules that may be subverted or flawed, Qosmos’ patented recognition engine only makes a decision on the nature of the flows observed once the packets have been grouped in a coherent whole and analyzed together with regard to internal semantic and syntactical criteria. It is this advanced DPI that inspects even the grammar of network flows, with attention to the real behavior of packets rather than to pre-defined assumptions about packet behavior, that explains the unrivalled recognition rates of the Qosmos technology.
The Network is a Database
A Unique “Database View”
One of the main aspects of the Qosmos technology concerns the unique “database view” of the network that it provides. Qosmos' patented recognition engine queries the network as if it were a database, providing powerful filtering tools enabling the extraction of only those flows of interest to customers’ specific needs, thus greatly reducing the time required for the processing and post-processing of data.
One of the main aspects of the Qosmos technology concerns the unique “database view” of the network that it provides. Qosmos' patented recognition engine queries the network as if it were a database, providing powerful filtering tools enabling the extraction of only those flows of interest to customers’ specific needs, thus greatly reducing the time required for the processing and post-processing of data.
Of course, in such a “database” approach to network flows, the query language used is of central importance. As communication speeds and throughputs dramatically increase, the fast and efficient processing of data is of paramount importance. To ensure the efficient processing of information flows, Qosmos has defined unique proprietary query languages, called ixQuery Language or ixQL, that query the network based on advanced filtering techniques.
Qosmos ixQuery Language (ixQL)
Qosmos’s patented recognition engine provides a powerful layer of abstraction based on the grammar of network flows that enables you to reconstitute the entire protocol stack of flows analyzed. The protocol stack is accessed using a unique proprietary language developed by Qosmos, known as Qosmos ixProtocol.
A further layer of abstraction, Qosmos ixAttribute, provides direct access to all the protocol and application characteristics, known as attributes, of the complete protocol stack for any given connection, enabling you to isolate and characterize the applications used, no matter how many sessions, connections or protocols involved.
A third layer of abstraction, Qosmos ixFilter, based on both protocol stack regular expressions and attribute values, enables the use of Boolean operators in order to select specific information flows.
Complex Encapsulation Management
In modern networks, the number of protocols forming a stack used in an exchange is not known in advance. It can be simple and limited (Ethernet / IP / TCP / HTTP) in a local area network. It can also use multiple encapsulations in an operator DSL network (ATM / AAL5 / IP / UDP / L2TP / PPP / IP / TCP / HTTP). However, the same application is involved in each case, only the transport networks are different.
Thanks to the semantic and syntactical analyses carried out by Qosmos iX technology, it is possible to identify such complex protocol architectures, whatever their number, and without any special pre-configuration, enabling the recognition of highly complex encapsulation tunnels.
Thanks to the semantic and syntactical analyses carried out by Qosmos iX technology, it is possible to identify such complex protocol architectures, whatever their number, and without any special pre-configuration, enabling the recognition of highly complex encapsulation tunnels.
Session Inheritance Management
Qosmos’ powerful iX engine implements a mechanism known as Session Inheritance, for the efficient management of complex session relationships in the context of multiple sessions.
Session inheritance enables direct access to the protocol attributes of the parent session of any given session. This feature can be used in the regular expressions of Qosmos ixQuery Language in order to query network flows much as one would a database.
Multi-protocol Attributes
The Qosmos recognition engine also enables the use of multi-protocol attributes. Multi-protocol attributes can belong to more than one protocol, and can be accessed without naming any particular protocol.
Such protocol-independent information extraction may be extremely useful. For example, multi-protocol attributes may be used in Qosmos ixQuery Language, to write a protocol stack regular expression that will retrieve all source ports in both tcp and udp protocols.
The use of multi-protocol attributes enables the application of session inheritance management using intra-protocol and inter-protocol criteria.
Structured attributes
Communications protocols are used in increasingly complex multi-session contexts. In order to completely understand session behavior, the Qosmos iX engine enriches the protocols with "structured" information capable of expressing the complex structures involved.
For example, a single HTTP reply for a webmail may contain multiple emails, each having multiple recipients and attachments, and each attachment having multiple attributes (name, type, size, etc.). However, without a means of describing the complex relationshps involved, these attributes, lose an important part of their meaning: the application will need to know how the multiple values of the low-level attributes attach_name, receiver_alias, etc. relate to one another.
To express such complex relationships, the protocol itself is “enriched” with new structured attributes reflecting the true complexity of the structures in play, and a corresponding parent attribute for a session is specified for each related attribute observed.
The Qosmos recognition engine also enables the use of multi-protocol attributes. Multi-protocol attributes can belong to more than one protocol, and can be accessed without naming any particular protocol.
Such protocol-independent information extraction may be extremely useful. For example, multi-protocol attributes may be used in Qosmos ixQuery Language, to write a protocol stack regular expression that will retrieve all source ports in both tcp and udp protocols.
The use of multi-protocol attributes enables the application of session inheritance management using intra-protocol and inter-protocol criteria.
Structured attributes
Communications protocols are used in increasingly complex multi-session contexts. In order to completely understand session behavior, the Qosmos iX engine enriches the protocols with "structured" information capable of expressing the complex structures involved.
For example, a single HTTP reply for a webmail may contain multiple emails, each having multiple recipients and attachments, and each attachment having multiple attributes (name, type, size, etc.). However, without a means of describing the complex relationshps involved, these attributes, lose an important part of their meaning: the application will need to know how the multiple values of the low-level attributes attach_name, receiver_alias, etc. relate to one another.
To express such complex relationships, the protocol itself is “enriched” with new structured attributes reflecting the true complexity of the structures in play, and a corresponding parent attribute for a session is specified for each related attribute observed.
Complete Library of Protocol and Application Signatures
Qosmos’ library of protocol and application signatures is completely unique as it both combines the largest number of protocols and applications recognized (over 300) to the deepest knowledge of information extracted from these protocols and applications (over 4000 attributes). Qosmos’s library is regularly updated to respond to the continuous emergence of new protocols and applications as well as to accommodate Qosmos’ customer demands for custom protocol or application signature development.
Protocol and application families in Qosmos’ library include:
- Basic: IP, UDP, ARP, Ethernet, TCP, etc.
- Communication: chat, webmail, IM, emails, forums, etc.
- Consumer Applications: web, wap, games, etc.
- Business Applications: SAP, Thin client (Citrix), application services, database, printers, etc.
- Network: Network management, middleware, authentification, compression, encrypted, file server, Network services, routing, terminal, tunneling, etc.
- Multimedia & VoIP: Audio, Video, P2P, SIP, RTP, etc.