A system and method for developing a network policy document and assuring
up-to-date monitoring and automated refinement and classification of the
network policy. The system administrator defines an initial policy
document that is provided as the initial symbolic classifier. The
classification rules remain in human readable form throughout the
process. Network system data is fed through the classifier, which labels
the data according to whether a policy constraint is violated. The labels
are tagged to the data. The user then reviews the labels to determine
whether the classification is satisfactory. If the classification of the
data is satisfactory, the label is unaltered; however, if the
classification is not satisfactory, the data is re-labeled. The
re-labeled data is then introduced into a refinement algorithm, which
determines what policy must be modified to correct classification of
network events in accordance with the re-labeling. The network
administrator then inspects the resulting new policy and modifies it if
necessary. An updated classifier replaces the previous classifier.
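
The classify, review, refine and replace loop described above can be sketched as follows. This is an added example, not code from the patent: the rule format, the event fields, the sample events and the refinement heuristic (widen or narrow only the rule whose label the reviewer changed) are all assumptions, since the abstract does not specify the refinement algorithm.

```python
# Added illustration. Rule format, event fields and the refinement
# heuristic are assumptions; the abstract does not specify them.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    field: str      # event attribute the constraint tests
    op: str         # "in": value is in a forbidden set; ">": above a limit
    value: object   # frozenset for "in", int for ">"

    def violated_by(self, event):
        v = event[self.field]
        return v in self.value if self.op == "in" else v > self.value

    def __str__(self):  # the rule stays human readable at every stage
        shown = sorted(self.value) if self.op == "in" else self.value
        return f"{self.name}: violation if {self.field} {self.op} {shown}"

def classify(policy, events):
    """Tag each event with the names of the rules it violates."""
    return [[r.name for r in policy if r.violated_by(e)] for e in events]

def refine(policy, events, labels, relabels):
    """relabels: event index -> set of rule names the reviewer says apply.
    Returns a new policy in which only the responsible rules are changed."""
    rules = {r.name: r for r in policy}
    for idx, wanted in relabels.items():
        for name in set(labels[idx]) ^ set(wanted):   # rules that disagree
            r, v = rules[name], events[idx][rules[name].field]
            false_pos = name not in wanted
            if r.op == "in":
                new = r.value - {v} if false_pos else r.value | {v}
            else:  # integer limits assumed
                new = max(r.value, v) if false_pos else min(r.value, v - 1)
            rules[name] = replace(r, value=new)
    return [rules[r.name] for r in policy]

# Constructed sample data, not from the patent.
EVENTS = [
    {"src": "10.0.0.5", "dst_port": 23, "mb_out": 2},
    {"src": "10.0.0.7", "dst_port": 443, "mb_out": 650},
    {"src": "10.0.0.9", "dst_port": 3389, "mb_out": 1},
]
POLICY = [Rule("forbidden-ports", "dst_port", "in", frozenset({21, 23})),
          Rule("egress-cap", "mb_out", ">", 500)]

if __name__ == "__main__":
    labels = classify(POLICY, EVENTS)
    updated = refine(POLICY, EVENTS, labels, {1: set(), 2: {"forbidden-ports"}})
    print(*updated, classify(updated, EVENTS), sep="\n")
```

The refined rules are printed in readable form so the administrator can inspect them before the updated classifier replaces the previous one.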