1. Field of the Invention
This invention relates to computer networks. More particularly, the invention relates to a system and method for detecting a trend in a computer network.
2. Description of the Related Art
In computer networks, a plurality of nodes (e.g., computer systems or other devices) are coupled to a network in order to communicate with each other or share resources. Computer networks face a wide variety of security issues. One aspect of network security pertains to network admission control. For example, some networks require a node's configuration to be validated before the node is admitted to join the network. Any of various aspects of the node's configuration may be checked to determine whether the node meets configuration requirements for joining the network. For example, network admission control may be based on factors such as whether the node is up to date with patches and security definitions.
Another aspect of network security pertains to infection by malicious software, sometimes referred to as “malware”. When malware infests a network or when an attacker begins to compromise a series of nodes within a network, it is desirable to detect the problem in order to be able to respond. While some forms of malware or attack can be relatively easily detected by analyzing network traffic, other forms cannot be easily identified in this manner. Thus, detection approaches based on network traffic analysis perform poorly against some forms of malware or attack. Other detection approaches involve actively scanning the network nodes for potential security threats. For example, the nodes may execute specialized security software for this purpose. However, this approach to malware detection can interfere with the node's normal operation and reduce its efficiency.