Communications network traffic analysis systems monitor data exchanged within a communications network (e.g., among hosts connected to a communications link) to identify activity that is malicious, erratic, non-compliant, or otherwise of interest. Some communications network traffic analysis systems perform monitoring and analysis on a per-data-packet basis. That is, such communications network traffic analysis systems analyze each data packet exchanged via a communications network with little or no context or state information related to the other data packets of the same exchange.
Other communications network traffic analysis systems monitor and analyze data exchanged within a communications network using communications flows. Such communications network traffic analysis systems can be referred to as communications flow analysis systems. A communications flow is a group of data sets such as data packets provided from one host to another host. Accordingly, such communications network traffic analysis systems can, for example, analyze data packets exchanged between hosts in a communications network using context or state information related to those data packets.
Because a communications flow can include data sets provided from one host to another host over a period of time, and because off-line analysis may be desired, some such communications network traffic analysis systems store the communications flow and analyze it off-line rather than in real-time (e.g., as the data sets are sent from one host to another). For example, some communications network traffic analysis systems store the data sets of a communications flow at a data store, and analyze the data sets stored at the data store later (e.g., after the flow has terminated) to determine whether the communications flow indicates any activity that is malicious, erratic, non-compliant, or otherwise of interest.
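The following is an added illustration of the two approaches described above (per-packet analysis versus flow-based analysis with storage and off-line review); it is example code written for this page, not code from the original text or from any particular system. It assumes a simplified packet record (directional 5-tuple, timestamp, payload length, TCP FIN bit), groups packets into flows keyed by that 5-tuple, appends terminated flows to an in-memory list standing in for the data store, and then runs a stateful check over the stored flows. The sample packets, the thresholds (1400 bytes per packet, 8000 bytes per flow, a 4-second idle timeout) and all function names are constructed for the example. The point it makes is that a per-packet check sees only one oversized datagram, while the flow-level check sees a flow whose individual packets are all unremarkable but whose total volume is not, and that a flow which has not yet terminated is deliberately not judged until it has.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed packet record: only the header fields this example needs.
@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since capture start
    src: str
    dst: str
    sport: int
    dport: int
    proto: str         # "tcp" or "udp"
    payload_len: int
    fin: bool = False  # TCP FIN seen on this segment

FlowKey = Tuple[str, str, int, int, str]

@dataclass
class Flow:
    key: FlowKey
    first_ts: float
    last_ts: float
    packets: int = 0
    bytes: int = 0
    fin_seen: bool = False

    def is_terminated(self, now: float, idle_timeout: float) -> bool:
        # A TCP flow ends at FIN; any flow is also considered ended after
        # idle_timeout seconds without traffic (the only signal UDP gives).
        return self.fin_seen or (now - self.last_ts) > idle_timeout

def flow_key(p: Packet) -> FlowKey:
    # Directional 5-tuple: the data sets provided from one host to another.
    return (p.src, p.dst, p.sport, p.dport, p.proto)

def per_packet_analysis(packets: List[Packet], max_payload: int) -> List[int]:
    """Stateless check: each packet judged alone, no context from its neighbours."""
    return [i for i, p in enumerate(packets) if p.payload_len > max_payload]

def build_flows(packets: List[Packet]) -> Dict[FlowKey, Flow]:
    """Aggregate packets into flows, keeping per-flow state as they arrive."""
    flows: Dict[FlowKey, Flow] = {}
    for p in packets:
        k = flow_key(p)
        f = flows.get(k)
        if f is None:
            f = Flow(key=k, first_ts=p.ts, last_ts=p.ts)
            flows[k] = f
        f.packets += 1
        f.bytes += p.payload_len
        f.last_ts = max(f.last_ts, p.ts)
        f.fin_seen = f.fin_seen or p.fin
    return flows

def store_flows(flows: Dict[FlowKey, Flow], data_store: List[Flow]) -> List[Flow]:
    """Persist flow records to the data store (a list here) for later review."""
    data_store.extend(flows.values())
    return data_store

def analyze_flows_offline(data_store: List[Flow], max_total_bytes: int,
                          now: float, idle_timeout: float) -> List[FlowKey]:
    """Stateful check over stored flows; open flows are skipped until they end."""
    return [f.key for f in data_store
            if f.is_terminated(now, idle_timeout) and f.bytes > max_total_bytes]

# Constructed sample traffic (not a real capture).
SAMPLE_PACKETS: List[Packet] = (
    # Flow A: ten 1200-byte TCP segments, the last carrying FIN (12000 bytes total).
    [Packet(0.1 * i, "10.0.0.5", "203.0.113.7", 44321, 443, "tcp", 1200, fin=(i == 9))
     for i in range(10)]
    # Flow B: one oversized 1500-byte UDP datagram.
    + [Packet(2.0, "10.0.0.9", "198.51.100.2", 51000, 53, "udp", 1500)]
    # Flow C: seven 1300-byte TCP segments, no FIN yet (9100 bytes, still open at t=7).
    + [Packet(3.0 + 0.1 * i, "10.0.0.5", "203.0.113.7", 44322, 443, "tcp", 1300)
       for i in range(7)]
)

if __name__ == "__main__":
    print("per-packet hits:", per_packet_analysis(SAMPLE_PACKETS, 1400))
    store = store_flows(build_flows(SAMPLE_PACKETS), [])
    print("flow hits at t=7:", analyze_flows_offline(store, 8000, now=7.0, idle_timeout=4.0))
    print("flow hits at t=20:", analyze_flows_offline(store, 8000, now=20.0, idle_timeout=4.0))
```

Run stand-alone, the per-packet check reports only the single UDP datagram, the flow-level check at t=7 reports only flow A (flow C has not terminated), and re-running the off-line analysis at t=20, once flow C has idled out, reports both A and C. A real system would key flows bidirectionally, spill the store to disk, and expire entries, but the division of labour between the collector and the off-line analyzer is the same.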