Networks, including local area networks (LAN) and wide area networks (WAN), are becoming increasingly prevalent as the number of computers in organizations grows. The traffic which passes through such a network may be monitored in order to maintain an efficient network. The flow of packets through the network is analyzed by detecting packets as they are transported from point to point on the network.
Many traffic analysis solutions today have a set of predefined categories of traffic and track usage for each one of these categories individually. The predefined category methods can quickly grow out of date. For example, if a new video sharing site shows up tomorrow, it is unlikely that there will be a category defined for the new video site right away. In addition, such solutions do not work well for local resources. For example, if a local network has a specific backup server running on a non-standard port, it is unlikely that a category will be defined soon enough for that type of traffic. Conventional methods that attempt to remember every flow or a certain number of sampled packets suffer from potentially unbounded memory use.