主权项 |
1. A method comprising:
receiving, by a security device, a traffic flow for use of a service; receiving, by one or more service-providing devices, the traffic flow; obtaining, by an analytics device, logs from the security device and the one or more service-providing devices, wherein the logs include information pertaining to traffic flow activity at an application layer associated with the service; storing, by the analytics device, rules that identify behavior ranging from unintentional behavior through intentional behavior for one or multiple communication layers including an application layer of a communication stack, wherein the unintentional behavior includes behavior that unnecessarily uses resources associated with the service; interpreting, by the analytics device, the logs based on one or more of the rules; determining, by the analytics device, whether a violation exists based on the interpreting; and generating a notification in response to determining that the violation exists. |