A traffic analysis apparatus includes: a first means that estimates a state sequence from time-series data of communication traffic based on a hidden Markov model, and groups, into one group, a plurality of patterns with resembling state transitions in the state sequence to perform extraction of a state sequence, with taking the plurality of patterns grouped into one group as one state; and a second means that determines an application state corresponding to the time-series data based on the state sequence extracted by the first means and predetermined application characteristics.

A traffic analysis apparatus includes: a first means that estimates a state sequence from time-series data of communication traffic based on a hidden Markov model, and groups, into one group, a plurality of patterns with resembling state transitions in the state sequence to perform extraction of a state sequence, with taking the plurality of patterns grouped into one group as one state; and a second means that determines an application state corresponding to the time-series data based on the state sequence extracted by the first means and predetermined application characteristics.

The process includes acquiring, from a relay device that relays a packet between a first communication device and a second communication device, a plurality of first delay times generated by a round trip of the packet between the first communication device and the relay device, and a plurality of second delay times generated by a round trip of the packet between the second communication device and the relay device, sorting separately the plurality of first delay times and the plurality of second delay times based on a length of a delay time, and calculating device delay times based on a first delay calculation that calculates a difference between each of the plurality of first delay times and each of the plurality of second delay times in a same rank after the sorting.

A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.

A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.

An information handling system includes a plurality of network nodes and a processor. Each network node includes an optical link and a reflectometry analyzer. The reflection analyzers provide a plurality of reflectometry results that each provide a characterization of physical properties of the optical link. The processor receives the reflectometry results, analyzes the reflectometry results to define a fingerprint of the physical properties of the optical link, and determines a status for each of the optical links based upon the associated fingerprints. The status for each of the optical links includes one of a plurality of graded statuses. Each graded status represents a qualitative measure of the physical properties of the associated optical link. A first graded status represents a better qualitative measure than a second graded status. The processor further receives a request to route a data flow from a first one of the network nodes to a second one of the network nodes. The data flow is associated with a service level agreement that defines that the data flow is to be routed on optical links that have the first graded status. The processor further determines a path between the first network node and the second network node where each of optical links in the path have the first graded status.

Techniques and systems for determining a malicious derivative entity within a network are provided herein. A method for determining a malicious derivative entity may include receiving, by a network-based authentication system, a plurality of network transactions. A first attribute of a network transaction within the plurality of network transactions may be identified. The method may also include identifying a plurality of entities for the first attribute. The network-based authentication system may generate a first visual representation of a relationship between the first attribute and the plurality of derivative entities. Each of the derivative entities and the first attribute may be represented as nodes within the first visual representation. A first score for each of the nodes may be determined based on a degree of centrality of the nodes within the first visual representation. One network transaction may be blocked based on at least one node exceeding a first threshold.

Techniques and systems for determining a malicious derivative entity within a network are provided herein. A method for determining a malicious derivative entity may include receiving, by a network-based authentication system, a plurality of network transactions. A first attribute of a network transaction within the plurality of network transactions may be identified. The method may also include identifying a plurality of entities for the first attribute. The network-based authentication system may generate a first visual representation of a relationship between the first attribute and the plurality of derivative entities. Each of the derivative entities and the first attribute may be represented as nodes within the first visual representation. A first score for each of the nodes may be determined based on a degree of centrality of the nodes within the first visual representation. One network transaction may be blocked based on at least one node exceeding a first threshold.

A computing system implementing an application service can determine, from a network dataset, that a network latency for a common network service provider crosses an upper latency threshold. Based on this determination, the system can determine a subset of the computing devices that utilize the common network service provider, and transmit a set of configuration signals to the subset of computing devices. The set of configuration signals can modify a set of default application configurations of a designated application to compensate for the network latency.

A computing system implementing an application service can determine, from a network dataset, that a network latency for a common network service provider crosses an upper latency threshold. Based on this determination, the system can determine a subset of the computing devices that utilize the common network service provider, and transmit a set of configuration signals to the subset of computing devices. The set of configuration signals can modify a set of default application configurations of a designated application to compensate for the network latency.