The field of the present disclosure relates generally to analyzing computer networks and, more specifically, to determining service flow ranks based on the flow dependencies of data flows in view of the services associated with those data flows.
Computer networks are vulnerable to malicious attacks. Detecting current or prior attacks (or intrusions) requires in-depth knowledge of the network data flows in the system. Data flows represent the paths that packets of data travel when the packets are transmitted from one computer system to another computer system. One important aspect of knowing the data flows in a network is knowing the dependencies among those data flows. For example, if a computer system or device receives a first data flow and then transmits a second data flow in response, that second data flow is dependent on the first. Determining this dependency is important for knowing which data flows are related to each other. Known techniques for determining data flows utilize the following fields: source IP address, destination IP address, port numbers, and flow timing, among other data fields.
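The dependency described above can be illustrated with a simple timing heuristic over flow records. The following is an added example, not the method of the present disclosure: the flow records, the addresses, the `window` parameter and the rule "a second flow leaving the host that a first flow reached, shortly after the first began, depends on it" are all assumptions chosen for illustration.

```python
from collections import namedtuple

# Constructed flow records (not from the source): start time in seconds,
# source/destination IP addresses and port numbers.
Flow = namedtuple("Flow", "fid start src sport dst dport")

FLOWS = [
    Flow("f1", 10.00, "10.0.0.5", 51000, "10.0.0.20", 443),    # client -> web
    Flow("f2", 10.03, "10.0.0.20", 40100, "10.0.0.30", 5432),  # web -> database
    Flow("f3", 10.04, "10.0.0.20", 40101, "10.0.0.40", 53),    # web -> DNS
    Flow("f4", 25.00, "10.0.0.20", 40102, "10.0.0.30", 5432),  # unrelated, much later
    Flow("f5", 10.05, "10.0.0.20", 443, "10.0.0.5", 51000),    # reply leg of f1
]

def is_reply(a, b):
    """True when b is the reverse direction of a (same endpoints, swapped)."""
    return (b.src, b.sport, b.dst, b.dport) == (a.dst, a.dport, a.src, a.sport)

def infer_dependencies(flows, window=0.5):
    """Return (parent, child) pairs: the child leaves the host that the
    parent reached, within `window` seconds after the parent started."""
    deps = []
    ordered = sorted(flows, key=lambda f: f.start)
    for a in ordered:
        for b in ordered:
            # The child must originate at the parent's destination, and the
            # return traffic of the same connection is not a dependency.
            if b.src != a.dst or is_reply(a, b):
                continue
            if 0 < b.start - a.start <= window:
                deps.append((a.fid, b.fid))
    return deps

def fan_out(deps):
    """Count dependent flows per parent flow."""
    counts = {}
    for parent, _ in deps:
        counts[parent] = counts.get(parent, 0) + 1
    return counts

if __name__ == "__main__":
    deps = infer_dependencies(FLOWS)
    print(deps)
    print(fan_out(deps))
```

Widening `window` pulls in the unrelated flow `f4`, which is why a purely timing-based pairing needs corroboration before it drives any ranking or policy decision.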
Cyber mission assurance requires service availability even if cyber-attacks impair computer network systems and, consequently, missions. Additionally, the importance of different data flows may change depending on the mission or applications running on one or more computer systems within the network. By identifying critical services and service dependencies of network assets in relation to specific missions, automated courses of action and control policies can be implemented.