Methods, apparatuses and systems allowing for bandwidth management schemes
responsive to utilization characteristics associated with individual
users. In one embodiment, the present invention allows network
administrators to penalize users who carry out specific questionable or
suspicious activities, such as the use of proxy tunnels to disguise the
true nature of the data flows in order to evade classification and
control by bandwidth management devices. In one embodiment, each
individual user may be accorded an initial suspicion score. Each time the
user is associated with a questionable or suspicious activity (for
example, upon detection of the setup of a connection to an outside HTTP tunnel,
or of a peer-to-peer application flow), his or her suspicion score is
downgraded. Data flows corresponding to users with sufficiently low
suspicion scores, in one embodiment, can be treated in a different manner
from data flows associated with other users. For example, different or
more rigorous classification rules and policies can be applied to the
data flows associated with suspicious users.
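
The scoring scheme described above, as an added Python example that is not part of the original text: the initial score, the per-activity penalties, the threshold, the activity names, the host identifiers and the policy names `default` and `strict` are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# All numeric values, activity names and policy names below are assumptions
# chosen for illustration; the abstract does not specify them.
INITIAL_SCORE = 100
THRESHOLD = 60            # at or below this, a user counts as suspicious
PENALTIES = {"http_tunnel": 25, "p2p_flow": 10}


@dataclass
class SuspicionTracker:
    scores: dict = field(default_factory=dict)

    def score(self, user):
        # Every user is accorded the same initial score on first sight.
        return self.scores.setdefault(user, INITIAL_SCORE)

    def record(self, user, activity):
        """Downgrade the user's score for one detected activity."""
        penalty = PENALTIES.get(activity, 0)   # unknown activity: no change
        self.scores[user] = max(0, self.score(user) - penalty)
        return self.scores[user]

    def policy_for_flow(self, user):
        """Select the rule set applied to a new data flow from this user."""
        return "strict" if self.score(user) <= THRESHOLD else "default"


def replay(events):
    """Apply constructed (user, activity) detections; return the tracker."""
    tracker = SuspicionTracker()
    for user, activity in events:
        tracker.record(user, activity)
    return tracker


# Constructed sample detections (users identified by hypothetical host IDs).
SAMPLE_EVENTS = [
    ("host-a", "p2p_flow"),
    ("host-b", "http_tunnel"),
    ("host-b", "http_tunnel"),
    ("host-a", "p2p_flow"),
]

if __name__ == "__main__":
    t = replay(SAMPLE_EVENTS)
    for user in ("host-a", "host-b", "host-c"):
        print(user, t.score(user), t.policy_for_flow(user))
```

With these assumed values, two tunnel detections move a user under the threshold, while two peer-to-peer detections do not.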