The widespread deployment of high-speed computer networks has revolutionized domains such as commerce, entertainment, and data management. However, as more networks are deployed and the sizes of such networks expand, monitoring traffic within the networks becomes increasingly challenging. Network-traffic monitoring and analysis is important for many different purposes, including identification of network applications, enforcement of security protocols, accounting, network capacity planning, and compliance with data-retention regulations. One technique utilized to facilitate network-traffic monitoring is binning, i.e., the placement of network traffic into different groupings based on particular criteria. This facilitates analysis of temporal traffic patterns (e.g., which bins tend to fill up fastest) and detection of anomalies (e.g., consecutive empty bins indicating an unresponsive node), which, in turn, can trigger immediate troubleshooting and repair or, less urgently, re-allocation of resources to conform to changing usage profiles.
Many conventional binning approaches are inefficient, as they require that the traffic to be monitored be read twice—once to determine the bin size necessary to store all of the various records, and the second time to assign each record to the proper bin. Other conventional binning approaches, such as that described in U.S. Pat. No. 8,965,839, the entire disclosure of which is incorporated by reference herein, require the on-the-fly formation of new bins of various widths depending upon the record value.
In view of the foregoing, there is a need for systems and techniques for the improved binning of network traffic that efficiently store received network records as a function of time while enabling both bin-level analysis and analysis of the original records.
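The sketch below is an added example, not code from this disclosure or from the referenced patent. It illustrates the conventional two-pass binning described above and the empty-bin anomaly check. It assumes fixed-width time bins, a constructed `(timestamp, node, bytes)` record layout, and a first pass that determines the time span to allocate bins for; all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample flow records: (unix_timestamp_seconds, source_node, bytes).
RECORDS = [
    (1000, "node-a", 512), (1004, "node-b", 300), (1012, "node-a", 128),
    (1019, "node-b", 900), (1023, "node-a", 64),  (1031, "node-b", 700),
    (1044, "node-b", 410), (1052, "node-b", 220), (1058, "node-a", 96),
]

def two_pass_bin(records, width):
    """Conventional two-pass binning into fixed-width time bins, per node."""
    records = list(records)
    if not records:
        return 0, 0, {}
    # Pass 1: read every record only to learn the time span, which fixes
    # how many bins must be allocated (assumed meaning of the first read).
    start = min(ts for ts, _, _ in records)
    end = max(ts for ts, _, _ in records)
    nbins = (end - start) // width + 1
    # Pass 2: read every record again to place it in its bin. The original
    # records are kept in the bin so they stay available for later analysis.
    bins = defaultdict(lambda: [[] for _ in range(nbins)])
    for rec in records:
        bins[rec[1]][(rec[0] - start) // width].append(rec)
    return start, nbins, dict(bins)

def empty_runs(node_bins, min_run=2):
    """Return (first_bin_index, length) for each run of >= min_run empty bins."""
    runs, run_start = [], None
    for i, b in enumerate(node_bins + [[None]]):  # sentinel closes a trailing run
        if not b and run_start is None:
            run_start = i
        elif b and run_start is not None:
            if i - run_start >= min_run:
                runs.append((run_start, i - run_start))
            run_start = None
    return runs

def silent_nodes(records, width, min_run=2):
    """Map node -> [(run_start_time, empty_bin_count)] for nodes that went quiet."""
    start, _, bins = two_pass_bin(records, width)
    return {node: [(start + i * width, n) for i, n in empty_runs(b, min_run)]
            for node, b in bins.items() if empty_runs(b, min_run)}
```

With 10-second bins, `node-a` is flagged for two consecutive empty bins starting at time 1030, while the single empty bin for `node-b` stays below the threshold.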