Hi-Resolution Traffic Inspection

Powering all Niometrics solutions is NCORE, a high-resolution traffic inspection engine designed and optimized specifically for application recognition. It offers broad application coverage of more than 6,000 applications, high detection rates, and 10 Gb/s inspection throughput in software.

Instead of relying on general-purpose content inspection technology, the NCORE engine was designed from the ground up to satisfy today’s complex protocol recognition needs, and to provide the flexibility needed to cope with an ever-changing protocol ecosystem. It is capable of accurately identifying applications that rely on encryption and obfuscation, as well as the complexities of Web 2.0 applications and protocols that use HTTP as their transport layer.


The core processing components of NCORE have been designed to efficiently cope with protocol recognition workloads in pure software, dispensing the need for less flexible ASIC, FPGA, or network processor acceleration. The core recognition logic utilizes an array of content and statistical analysis techniques that are essential for recognizing today’s traffic, while providing extension hooks for additional feature receptors to be developed as new protocol families emerge.

Open Architecture

In addition, the NCORE engine provides an open API, with IPFIX-compliant flow export, customizable rulesets, and flexible scripting in a familiar Linux based development environment. With the Niometrics software development kit (SDK), users can customize signatures for in-house applications as well as detectors for specific security requirements.

Accelerated Traffic Inspection

Software-based traffic inspection has been able to leverage the improvements in CPU architecture and multi-processor technology, putting up a serious challenge to traditional ASIC based solutions in flexibility and price-performance.

To continue to push the envelope of software-based inspection, Niometrics has begun to leverage GPU acceleration technology to further accelerate its high-resolution DPI engine to take on ever higher packet inspection loads.

Automated Protocol Learning

SIGMA is a service that receives telemetry feeds from ARCS sensors. It automates a large part of the ruleset maintenance cycle using samples of unidentified traffic data. These are analyzed to produce new, or refine existing, traffic classification rules.