Companies collect statistics associated with network traffic to observe, among other things, how well the company's network services are performing. This helps the companies identify and diagnose service problems, such as those that may result from hardware failures, software defects, or network service attacks. Thus, determining anomalies and the causes of anomalies in network traffic may enable networks to function more efficiently. For example, being able to detect sudden increases or decreases in network traffic and determining who or what is responsible for the sudden changes can help ensure that information is exchanged efficiently across networks. Companies may also wish to keep official statistics for network functions, particularly companies associated with Internet services. Thus, companies seek high-performance network traffic monitoring systems capable of producing detailed and accurate statistics regarding their network traffic.
Nevertheless, existing systems for real-time monitoring of network traffic suffer from several disadvantages. For example, existing systems generally utilize multiple network interface packet capture processes, resulting in the use of significant processing resources that rapidly increase with each additional packet capture process. Further, the complexity of any generated statistics tends to result in a proportional trade-off in both timeliness and processing resources.
Thus, existing systems for monitoring network traffic tend to focus on high performance at the expense of depth of analysis or, alternatively, attempt to provide a detailed analysis but do so at the expense of time and resources. Accordingly, no system currently exists that provides a sufficient combination of high performance and in-depth analysis. The speed and amount of network data, meanwhile, continue to increase. Thus, a need exists for a system able to provide meaningful analyses in real time.