This subsection shows that for a specific scenario, the role correlation algorithm associates new groups with existing ones in an appropriate way. Figure 5 lists the scenario we investigate. In the Mazu network, we swapped the roles of unix_mail and ms_exchange by switching their IP addresses. We also replaced the old NT server, called mazu_nt (10.0.0.18), with a new server (10.0.1.18). Finally, we removed an old admin machine (10.0.0.110) and brought in a new eng machine (10.0.0.200). Although the specific scenario is just one of many possible ones, it includes the types of changes that could happen in a real network.
The modified connection patterns were used as inputs to the role classification algorithm. The role correlation algorithm then correlated the new grouping results with the original results. Every group in the new results is correlated with an old group. Figure 5 depicts the four groups that are affected by the changes. Observe how the member compositions of these four groups change from the ones in Figure 4. Both unix_mail and ms_exchange are correctly identified in the same fashion as in Figure 4 despite their role reversal. The new NT server (new-nt_server) appropriately takes the place of the old one. Similarly, a new eng host is grouped with other eng machines. Despite various changes to the connection patterns, the role correlation algorithm was able to correctly associate each new group with an existing one. We continue to investigate the limits of the role correlation algorithm under rigorous changes in connection patterns.