Class discovery for automated discovery, attribution, analysis, and risk assessment of security threats

Abstract

A method for profiling network traffic of a network. The method includes obtaining a signature library comprising a plurality of signatures corresponding to a plurality of behavioral models, generating, based on a first pre-determined criterion, a group behavioral model associated with the signature library, wherein the group behavioral model represents a common behavior of a plurality of historical flows identified from the network traffic, wherein each of the plurality of signatures correlates to a subset of the plurality of historical flows, selecting a flow in the network traffic for including in a target flow set, wherein the flow matches the group behavioral model without matching any of the plurality of behavioral models, analyzing the target flow set to generate a new signature, and adding the new signature to the signature library. Further, each behavioral model is generated from a kernel constructed using boosting of decision tree learning methods.