Title of invention: System for analysing network traffic and a method thereof
Abstract: A method of analyzing network traffic comprising the steps of providing reference network traffic information associated with a remote access server and obtaining current network traffic information associated with the remote access server. Current network traffic information is analyzed using statistical analysis to determine whether values of the current network traffic information are within or outside a statistical range associated with the reference network traffic information. If a value of the current network traffic information is outside the statistical range, the value of the current network traffic information is an outlier which is included in an outlier information table, and an alert is generated. If a value of the current network traffic information is within the statistical range, a similarity value between the value of the current traffic information and outliers is determined. An action is then performed.
Publication number: US9369364(B2) Publication date: 2016.06.14
Application number: US201414209134 Application date: 2014.03.13
Applicant: TELEKOM MALAYSIA BERHAD Inventors: Jaafar Mohd. Daud;Nor Hamzah Azmirul Hamzah;Sidik Mohamad Suwandi;AB. Raub Rosmawati;Jusof Faeizah;Harun Ab. Aziz
Classification: H04L12/26;H04L12/24 Main classification: H04L12/26
Agency: Jacobson Holman, PLLC. Agent: Jacobson Holman, PLLC.
Principal claim: 1. A method of analyzing network traffic, the method comprising the steps of: providing reference network traffic information associated with a remote access server; obtaining current network traffic information associated with the remote access server; analyzing the current network traffic information using statistical analysis to determine whether values of the current network traffic information are within or outside a statistical range associated with the reference network traffic information; performing an action based on the statistical analysis, wherein: when a value of the current network traffic information is outside the statistical range, the value of the current network traffic information is determined to be an outlier, the outlier is included in an outlier information table, and an alert is generated, and when a value of the current network traffic information is within the statistical range, a similarity value between the value of the current traffic information and outliers contained in the outlier information table is determined; and performing an action based on the similarity value between the value of the current traffic information and the outliers, wherein: when the similarity value is greater than or equal to a predetermined value, the corresponding outlier is removed from the outlier information table and the value of the current traffic information is included in the reference traffic information, and when the similarity value is less than the predetermined value, the value of the current traffic information is included in the reference traffic information; wherein the predetermined threshold of at least one similarity value is 95%; wherein the remote access server is a broadband remote access server (B-RAS); and wherein the current and reference network traffic information is based on the following network parameters associated with the remote access server: network traffic usage ‘in’ per port, network traffic usage ‘out’ per port, point to point protocol (PPP) sessions per port, utilization ratio of total traffic ‘in’ per slot group, utilization ratio of total traffic ‘out’ per slot group, and utilization ratio of total traffic PPP sessions per slot.
Address: Kuala Lumpur MY