Role Classification of Hosts within Enterprise Networks Based on Connection Patterns
2026-03-10 • Networking and Internet Architecture
Networking and Internet Architecture, Cryptography and Security
AI summary
The authors explain a way to sort computers in a network into different groups based on how they connect with each other. This helps understand the network’s layout and makes managing it easier, like checking security rules or dividing the network into parts. They created two algorithms that can handle changes over time in how hosts connect. When tested on two large networks, their method grouped many computers into just a few groups that matched the network’s actual structure well.
role classification, network hosts, connection patterns, network segmentation, policy checking, intrusion detection, network monitoring, enterprise networks, clustering algorithms, network management
Authors
Godfrey Tan, Massimiliano Poletto, John Guttag, Frans Kaashoek
Abstract
Role classification involves grouping hosts into related roles. It exposes the logical structure of a network, simplifies network management tasks such as policy checking and network segmentation, and can be used to improve the accuracy of network monitoring and analysis algorithms such as intrusion detection. This paper defines the role classification problem and introduces two practical algorithms that group hosts based on observed connection patterns while dealing with changes in these patterns over time. The algorithms have been implemented in a commercial network monitoring and analysis product for enterprise networks. Results from grouping two enterprise networks show that the number of groups identified by our algorithms can be two orders of magnitude smaller than the number of hosts and that the way our algorithms group hosts highly reflects the logical structure of the networks.