The function determines whether the user network is operating normally by auditing these statistics on iNode xxx: the IP traffic, number of Layer 2 broadcast packets, number of packets passing the anthenticated NIC, and number of TCP/UDP connections. If the amount of IP traffic, Layer 2 broadcast packets, anthenticated NIC packets, or TCP/UDP connections exceeds the corresponding threshold, the EAD policy server considers exceptions occur in the network and takes proper actions based on the security policy.