Splunk Inc.
Behavioral based device clustering

Abstract:

One or more embodiments are directed behavioral based device clustering. A network traffic log of devices in the network is received. Features of devices are extracted from the network traffic log and aggregated into an aggregated feature matrix on a per device basis. By applying a topic modeling algorithm to the aggregated feature matrix, the devices are clustered into device groups according to behavior groups. A device is assigned to the device group to create an assignment.