In step 414 of method 400, DSDN dynamically monitor s traffic amount and/or patterns to predetermined connections to ensure proper functioning and to determine the presence of undesired software within the DSDN. One example of step 414 is DSDN capable router 106 monitoring all traffic within DSDN 100 to if traffic amounts and patterns vary that that expected the be DSDN configured devices. If it is determined that traffic amounts and/or patterns do vary from that expected, DSDN capable router 106 may initiate an analysis of the infringing device to confirm the presence of malicious software. If malicious software is found, remediation process are activated, such as isolating the device to an newly generated isolation subnetwork, which restricts or eliminates traffic flow depending on the necessity of the device. Malicious software removal steps may also be taken.

FIG. 5 shows one exemplary remediation process 500, for remediating a device within the DSDN that is determined to have been infected by malicious software.

Step 502 of method 500 initiates a detection process to determine if a device is infected. One example of step 502 is router or service provider implemented DSDN system initiates a scan or monitoring of a device, subnetwork or network.

In detection step 504, method 500 utilizes third party data to determine if the device is infected. Third party data may include, but is not limited to, a report of DDOS involved computers, a report Spam involved computers, third party notifications, and computers identified during a Darknet monitoring process. One example of step 504 is a user's service provider comparing the device to one or more of the above described lists.