Role classification involves grouping hosts into related roles. It exposes the logical structure of a network, simplifies network management tasks such as policy checking and network segmentation, and can be used to improve the accuracy of network monitoring and analysis algorithms such as intrusion detection. This paper defines the role classification problem and introduces two practical algorithms that group hosts based on observed connection patterns while dealing with changes in these patterns over time. The algorithms have been implemented in a commercial network monitoring and analysis product for enterprise networks. Results from grouping two enterprise networks show that the number of groups identified by our algorithms can be two orders of magnitude smaller than the number of hosts, and that the way our algorithms group hosts closely reflects the logical structure of the networks.