Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
US9813447B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9813447-B2 |
| Application number | US-201313836048-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 15, 2013 |
| Priority date | Mar 15, 2013 |
| Publication date | Nov 7, 2017 |
| Grant date | Nov 7, 2017 |
Official abstract text for this publication.
A function is provided in a network system for adjusting network policies associated with the operation of network infrastructure devices of the network system. Network policies are established on network devices including packet forwarding devices. The network has a capability to identify computer applications associated with traffic running on the network. A network policy controller of the network is arranged to change one or more policies of one or more network devices based on computer application information acquired. The policies changed may be network policies as well as mirroring policies. An example policy to change is direct a network device to mirror traffic to an application identification appliance for the purpose of identifying applications running on the network through a plurality of mechanisms. The function may be provided in one or more devices of the network.
Opening claim text (preview).
What is claimed is:

1. A packet forwarding device of a network system including a plurality of network infrastructure devices, the packet forwarding device comprising a hardware processor and: a. one or more ports configured to, using the hardware processor, receive packets including frames and to send the frames to one or more other devices of the plurality of network infrastructure devices; b. one or more network policies for receiving and sending packets, wherein one of the one or more policies is to mirror selectable ones of the frames to an application identification appliance of the plurality of network infrastructure devices; and c. a network policy controller in communication with a packet forwarding function configured for, using the hardware processor: detecting one or more computer applications by: comparing the frames to known signatures associated with the one or more computer applications, calculating a signature-based score for each of the one or more computer applications based on the comparison, extracting metadata associated with the frames, calculating a statistics-based score based on a statistical analysis of the extracted metadata, and calculating a reliability score for each of the one or more computer applications by combining the signature-based score and the statistics-based score in a weighted average, and changing the one or more network policies for receiving and sending packets based on information associated with one or more computer applications detected running on the network system, wherein the packet forwarding device is only any one of a switch, a router, or a switch-router.

2. The packet forwarding device of claim 1 wherein the information associated with the one or more computer applications is application metadata information.

3. The packet forwarding device of claim 1 wherein the network policy controller is located in a policy server of the plurality of network infrastructure devices.

4. The packet forwarding device of claim 1 wherein the one or more network policies changed on the packet forwarding device are selected from: 1) block a specific application flow; 2) block an IP address; 3) snipe a TCP connection; 4) disable communication for an application; 5) disable communications to an attached function; 6) disable a network communication, in either or both of a forward path and a reverse path; 7) bandwidth-limit an application by a particular user; 8) bandwidth-limit an application for all users of the network system; 9) log all application data; and 10) honeypot the application flow.

5. The packet forwarding device of claim 1 wherein the one or more network policies are implemented on the packet forwarding device as at least one of a set of ingress rules, egress rules, and mirroring rules.

6. A method for the operation of a network system including a plurality of network infrastructure devices, the method comprising the steps of: a. establishing on one or more packet forwarding devices of the network infrastructure devices one or more network policies or rules implementing the one or more network policies for forwarding frames of received packets based on information associated with one or more computer applications running on the network system, wherein the one or more network policies or rules implementing the one or more network policies established is to mirror selectable frames of the received packets to an application identification appliance of the plurality of network infrastructure devices and wherein the one or more packet forwarding devices is only any of a switch, a router or a switch-router; b. comparing the frames to known signatures associated with the one or more computer applications; c. calculating a signature-based score for each of the one or more computer applications based on the comparison; d. extracting metadata associated with the frames; e. calculating a statistics-based score based on a statistical analysis of the extracted metadata; f. calculating a reliability score for each of the one or more computer applications by combining the signature-based score and the statistics-based score in a weighted average; g. identifying the one or more computer applications running on the network system based on the reliability score; and h. changing one or more of the one or more network policies or rules based on the information associated with the one or more computer applications running on one or more of the plurality of network infrastructure devices through the step of examining the characteristics.

7. The method of claim 6 wherein the one or more applications running on the network system are identified based on one or more frames received from the network system in the received packets.

8. The method of claim 6 further comprising the step of implementing the one or more network policies or the rules implementing the one or more network policies on the packet forwarding device as at least one of a set of ingress rules, egress rules, and mirroring rules.

9. The method of claim 6 wherein the one or more network policies or the rules implementing the one or more network policies changed is to mirror selectable frames of the received packets to an application identification appliance of the plurality of network infrastructure devices.

10. The method of claim 6 wherein the one or more of the one or more network policies or the rules implementing the network policies changed are selected from: 1) block a specific application flow; 2) block an IP address; 3) snipe a TCP connection; 4) disable communication for an application; 5) disable communications to an attached function; 6) disable a network communication, in either or both of a forward path and a reverse path; 7) bandwidth-limit an application by a particular user; 8) bandwidth-limit an application for all users of the network system; 9) log all application data; and 10) honeypot the application flow.
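The detection and policy-change steps of claims 1 and 6 worked through in Python, as an added example that is not the patent's own code. The sample flows, the signature patterns, the frame-length profiles, the 0.7/0.3 weighting, the 0.6 threshold and the application-to-policy table are all assumed for illustration; only the step order and the policy names come from the claims.

```python
import re

# Constructed sample flows (lists of frame payloads) standing in for mirrored packets.
FLOWS = {
    "flow_a": [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n",
               b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"],
    "flow_b": [b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03",   # TLS ClientHello-like bytes
               b"\x16\x03\x03\x00\x2a\x02\x00\x00\x26\x03\x03"],  # TLS ServerHello-like bytes
    "flow_c": [b"\x00" * 40],                                     # matches no known signature
}

# Assumed illustrative "known signatures" per application (claim 1, comparison step).
SIGNATURES = {
    "http": [re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]"), re.compile(rb"^HTTP/1\.[01] \d{3}")],
    "tls":  [re.compile(rb"^\x16\x03[\x00-\x03]")],
}
# Assumed statistical profile: expected mean frame length per application.
PROFILES = {"http": 40.0, "tls": 12.0}
# Assumed policy table: policy the controller applies once an application is identified
# (policy names taken from claims 1 and 4).
APP_POLICY = {"http": "log all application data", "tls": "no change"}
MIRROR_POLICY = "mirror selectable frames to application identification appliance"

def signature_score(frames, patterns):
    """Signature-based score: fraction of frames matching any of the application's signatures."""
    return sum(any(p.match(f) for p in patterns) for f in frames) / len(frames)

def extract_metadata(frames):
    """Metadata used for the statistical analysis: here, the length of each frame."""
    return [len(f) for f in frames]

def statistics_score(metadata, expected_mean):
    """Statistics-based score: closeness of observed mean length to the profile mean, clipped to [0, 1]."""
    mean = sum(metadata) / len(metadata)
    return max(0.0, 1.0 - abs(mean - expected_mean) / expected_mean)

def reliability_score(frames, app, w_sig=0.7):
    """Reliability score: weighted average of the signature-based and statistics-based scores."""
    s = signature_score(frames, SIGNATURES[app])
    t = statistics_score(extract_metadata(frames), PROFILES[app])
    return w_sig * s + (1.0 - w_sig) * t

def identify(frames, threshold=0.6):
    """Return (application, best score); application is None when no score clears the threshold."""
    app, score = max(((a, reliability_score(frames, a)) for a in SIGNATURES), key=lambda x: x[1])
    return (app, score) if score >= threshold else (None, score)

def choose_policy(frames):
    """Policy controller step: change policy for an identified app, else mirror the flow for deeper analysis."""
    app, _ = identify(frames)
    return APP_POLICY[app] if app else MIRROR_POLICY

if __name__ == "__main__":
    for name, frames in FLOWS.items():
        print(name, identify(frames), "->", choose_policy(frames))
```

Flow C shows the fallback the claims describe: when neither score is conclusive, the policy chosen is to mirror the frames to the application identification appliance rather than to act on a guess.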
CPC title: for managing network security; network security policies in general (filtering policies H04L63/0227)