Refereed journal article or data article (A1)

A method for endpoint aware inspection in a Network Security Solution




List of Authors: Heino Jenny, Jalio Christian, Hakkala Antti, Virtanen Seppo

Publisher: Institute of Electrical and Electronics Engineers

Publication year: 2022

Journal: IEEE Access

Volume number: 10

Start page: 44517

End page: 44530

eISSN: 2169-3536

DOI: http://dx.doi.org/10.1109/ACCESS.2022.3170456

URL: https://ieeexplore.ieee.org/document/9762961

Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/174870268


Abstract

Due to the surge in remote work after the outbreak of COVID-19, network security has gained an enormous focus. The issue of erroneous inspection decisions in network security solutions has long been criticised, but decision accuracy has never been as important as it is today. In this paper we provide a solution for improving the inspection decision accuracy by specifying a method for endpoint aware inspection in a network security solution capable of performing deep packet inspection. The method utilises a subset of the protected network to gather hash fingerprints from the endpoint application network traffic patterns. The information gathered from this subset is then utilised for gaining endpoint awareness for the rest of the protected network. We use methods that work on the application layer of the protocol stack. This makes the method applicable not only for local implementations, such as NGFWs and IPSs, but also for SaaS and SASE solutions. The method is, however, easily utilised with lower layer information, such as network and transport layer information, for operating system awareness as well. We also present a proof-of-concept case study where we observe that, of the applicable network connections, 100% could be identified when the operating system and endpoint application were present in the source group. To our knowledge, this is the first method to enhance the inspection process accuracy by leveraging a subset of the protected network to gain endpoint awareness.


Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.




Last updated on 2023-14-03 at 15:42