Key points are not available for this paper at this time.
Existing traffic analysis tools focus on traffic volume. They identify the heavy-hitters - flows that exchange high volumes of data, yet fail to identify the structure implicit in network traffic - do certain flows happen before, after or along with each other repeatedly over time? Since most traffic is generated by applications (web browsing, email, p2p), network traffic tends to be governed by a set of underlying rules. Malicious traffic such as network-wide scans for vulnerable hosts (mySQLbot) also presents distinct patterns.
Kandula et al. (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: