A survey of network flow applications

Journal of Network and Computer Applications

Volumn 36, Issue 2, 2013, Pages 567-581

  Li, Bingdong ^a,b   Springer, Jeff ^a   Bebis, George ^b   Hadi Gunes, Mehmet ^b  

^a UNIVERSITY OF NEVADA   (United States)

^b University of Nevada   (United States)

Author keywords

Machine learning; NetFlow; Network security; Network traffic analysis; sFlow

Indexed keywords

INFORMATION TECHNOLOGY INFRASTRUCTURE; NETFLOWS; NETWORK FLOWS; NETWORK TRAFFIC ANALYSIS; RESEARCH TOPICS; SFLOW; STATE OF THE ART;

INFORMATION TECHNOLOGY; LEARNING SYSTEMS; NETWORK SECURITY;

SURVEYS;

EID: 84874724334     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2012.12.020     Document Type: Review

References (161)

1. AURORA: Traffic analysis and visualization. 〈 http://www.zurich.ibm. com/aurora/ 〉. Retrieved September 13, 2012.
2. S.A. Abdulla, S. Ramadass, A. Altaher, and A.A. Nassiri Setting a worm attack warning by using machine learning to classify netflow data International Journal of Computer Applications 36 December (2) 2011 49 56
3. Ball R, Fink GA, North C. Home-centric visualization of network traffic for security administration. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security, VizSEC/DMSEC '04. New York, NY, USA: ACM; 2004. p. 55-64.
4. P. Barlet-ros, and A. Cabellos-aparicio Analysis of the impact of sampling on NetFlow traffic classification Methodology 55 5 2010 1083 1099
5. Barsamian AV. Network characterization for botnet detection using statistical-behavioral methods. Master's thesis, Thayer School of Engineering, Dartmouth College, USA; June 2009.
6. Bartos K, Rehak M, Krmicek V. Optimizing flow sampling for network anomaly detection. In: Wireless communications and mobile computing conference (IWCMC), 2011 7th international, July 2011. p. 1304-9.
7. Baker F, Foster B, Sharp C. Cisco architecture for lawful intercept in IP networks. 〈 http://rfc-ref.org/RFC-TEXTS/3924/index.html 〉. Retrieved June 3, 2012.
8. L. Bin, L. Chuang, Q. Jian, H. Jianping, and P. Ungsunan A NetFlow based flow analysis and monitoring system in enterprise networks Computer Networks 52 5 2008 1074 1092
9. Bo X, Ming C, Fei L, Na W. P2P flows identification method based on listening port. In: 2nd IEEE international conference on broadband network multimedia technology, 2009. IC-BNMT '09, 2009. p. 296-300.
10. Bouhtou M, Klopfenstein O. Robust optimization for selecting netflow points of measurement in an IP network. In: IEEE GLOBECOM 2007, IEEE global telecommunications conference, 2007. p. 2581-5.
11. Brauckhoff D, Tellenbach B, Wagner A, May M, Lakhina A. Impact of packet sampling on anomaly detection metrics. In: Proceedings of the 6th ACM SIGCOMM on Internet measurement IMC 06, 2006. p. 159.
12. Caracas A, Kind A, Gantenbein D, Fussenegger S, Dechouniotis D. Mining semantic relations using NetFlow. In: 3rd IEEE/IFIP international workshop on business-driven IT management, 2008. BDIM 2008, April 2008. p. 110-1.
13. Carela-Espanol V, Barlet-Ros P, Solé-Pareta J. Traffic classification with sampled netflow. Technical Report 2, Technical report, Universitat Politecnica de Catalunya, 2009.
14. Čeleda P, Vykopal J, Plesník T, Trunečka M, Krmíček V. Malware detection from the network perspective using netflow data. In: 3rd NMRG workshop on NetFlow/IPFIX usage in network management, 2010.
15. Chan Y-T, Shoniregun CA, Akmayeva GA. A NetFlow based Internet-worm detecting system in large network. In: Third international conference on digital information management, 2008. ICDIM 2008. 2008. p. 581-6.
16. Chaudhary UK, Papapanagiotou I, Devetsikiotis M. Flow classification using clustering and association rule mining. In: 15th IEEE international workshop on computer aided modeling, analysis and design of communication links and networks (CAMAD), 2010. p. 76-80.
17. Chen Y, Jain S, Adhikari V, Zhang Z-L, Xu K. A first look at inter-data center traffic characteristics via yahoo! datasets. In: INFOCOM, 2011 Proceedings IEEE, April 2011. p. 1620-8.
18. G. Cheng, and J. Gong A resource-efficient flow monitoring system Communications Letters, IEEE 11 June (6) 2007 558 560
19. Cho K, Kaizaki R, Kato A. Aguri: an aggregation-based traffic profiler. In: Proceedings of the second international workshop on quality of future internet services, COST 263. London, UK: Springer-Verlag; 2001. p. 222-42.
20. H. Choi, H. Lee, and H. Kim Fast detection and visualization of network attacks on parallel coordinates Computers Security 28 5 2009 276 288
21. Cohen E, Duffield N, Lund C, Thorup M. Confident estimation for multistage measurement sampling and aggregation. In: Proceedings of the 2008 ACM SIGMETRICS international conference on measurement and modeling of computer systems SIGMETRICS 08, (i), 2008. p. 109.
22. Collins MP, Reiter MK. Hit-list worm detection and bot identification in large networks using protocol graphs. In: Proceedings of the 10th international conference on recent advances in intrusion detection, RAID'07. Berlin, Heidelberg: Springer-Verlag; 2007. p. 276-95.
23. Deri L. ntop. 〈 http://www.ntop.org 〉. Retrieved June 3, 2012.
24. Deri L. Open source VoIP traffic monitoring. 〈 http://131.114.21.22/ VoIP.pdf 〉. Retrieved June 3, 2012.
25. Dressler F, Jaegers W, German R. Flow-based worm detection using correlated honeypot logs. In: Proceedings of 15th GI/ITG fachtagung kommunikation in verteilten systemen (KiVS 2007), 2007. p. 181-6.
26. Dubendorfer T, Plattner B. Host behaviour based early detection of worm outbreaks in internet backbones. In: 14th IEEE international workshops on enabling technologies infrastructure for collaborative enterprise WETICE05, (c), 2005. p. 166-71.
27. Dubendorfer T, Wagner A, Plattner B. A framework for real-time worm attack detection and backbone monitoring. In: First IEEE international workshop on critical infrastructure protection IWCIP05, 2005. p. 3-12.
28. N. Duffield Sampling for passive internet measurement a review Statistical Science 19 2004 472 498
29. N. Duffield, and M. Grossglauser Trajectory sampling with unreliable reporting IEEE/ACM Transactions on Networking 16 February (1) 2008 37 50
30. Duffield N, Lund C, Thorup M. Charging from sampled network usage. In: Proceedings of the 1st ACM SIGCOMM workshop on internet measurement, IMW '01. New York, NY, USA: ACM; 2001. p. 245-56.
31. Duffield N, Lund C, Thorup M. Properties and prediction of flow statistics from sampled packet streams. In: Proceedings of the 2nd ACM SIGCOMM workshop on Internet measurement, IMW '02. New York, NY, USA: ACM; 2002. p. 159-71.
32. Erbacher RF. Visual behavior characterization for intrusion detection in large scale systems. In: Proceedings of the IASTED international conference on visualization, imaging, and image processing, 2001. p. 54-9.
33. C. Estan, K. Keys, D. Moore, and G. Varghese Building a better NetFlow ACM SIGCOMM Computer Communication Review 34 4 2004 245
34. Fioreze T, Granville LZ, Pras A, Sperotto A, Sadre R. Self-management of hybrid networks: Can we trust netflow data? In: IM09 IFIPIEEE international symposium on integrated network management 2009, 2009. p. 577-84.
35. Fischer F, Mansmann F, Keim DA, Pietzko S. Large-scale network monitoring for visual analysis of attacks. In: Visualization for computer security 5th international workshop VizSec 2008, 2008 proceedings, vol. 72(1-3), Cambridge, MA, USA, September 15, 2008. p. 1-8.
36. Foukarakis M, Antoniades D, Antonatos S, Markatos EP. Flexible and high-performance anonymization of NetFlow records using anontool. In: 2007 third international conference on security and privacy in communications networks and the workshops SecureComm, 2007. p. 33-8.
37. J. François, S. Wang, R. State, and T. Engel BotTrack tracking botnets using NetFlow and PageRank NETWORKING 2011 6640 2011 1 14
38. Francois J, Wang S, Bronzi W, State R, Engel T. BotCloud: detecting botnets using MapReduce. In: 2011 IEEE international workshop on information forensics and security (WIFS), 2011. p. 1-6.
39. Frias-Martinez V, Sherrick J, Stolfo SJ, Keromytis AD. A network access control mechanism based on behavior profiles. In: Computer security applications conference, 2009. ACSAC '09. Annual, 2009. p. 3-12.
40. Galtsev AA, Sukhov AM. Network attack detection at flow level. Aerospace, 2011.
41. Gao L, Yang J, Zhang H, Zhang B, Qin D. FlowInfra: a fault-resilient scalable infrastructure for network-wide flow level measurement. In: Network operations and management symposium (APNOMS), 2011 13th Asia-Pacific, 2011. p. 1-8.
42. Gao Y, Li Z, Chen Y. A DoS resilient flow-level intrusion detection approach for high-speed networks. In: 26th IEEE international conference on distributed computing systems, 2006, ICDCS 2006, 2006. p. 39.
43. D. Geer Behavior-based network security goes mainstream Computer 39 March (3) 2006 14 17
44. Goodall JR, Sowul M. VIAssist: visual analytics for cyber defense. In: IEEE conference on technologies for homeland security, 2009. HST '09, May 2009. p. 143-50.
45. Gossett AM, Papapanagiotou I, Devetsikiotis M. An apparatus for P2P classification in Netflow traces. In: GLOBECOM workshops (GC Wkshps), 2010 IEEE, 2010. p. 1361-6.
46. Gregr M, Matousek P, Sveda M, Podermanski T. Practical IPv6 monitoring-challenges and techniques. In: 2011 IFIP/IEEE international symposium on integrated network management (IM), May 2011. p. 650-3.
47. Haddadi H, Landa R, Moore AW, Bhatti S, Rio M, Che X. Revisiting the issues on netflow sample and export performance. In: Third international conference on communications and networking in China, 2008. ChinaCom 2008. 2008. p. 442-6.
48. Han B-J, Lee J-H, Sohn S-G, Ryu J-H, Chung T-M. pFlours: a new packet and flow gathering tool. In: 10th international conference on advanced communication technology, 2008. ICACT 2008, vol. 1, 2008. p. 731-6.
49. Han S-h, Kim M-s, Ju H-t, Hong JW-k. The architecture of NG-MON: a passive network monitoring system. In: Proceeding of 13th IFIP/IEEE international workshop on distributed systems: operations and management, 2002. p. 16-27.
50. F. Hao, M. Kodialam, T.V. Lakshman, and S. Mohanty Fast memory efficient flow rate estimation using runs IEEE/ACM Transactions on Networking 15 6 2007 1467 1477
51. Hsiao H-W, Chen D-N, Wu TJ. Detecting hiding malicious website using network traffic mining approach. In: 2nd international conference on education technology and computer (ICETC), 2010, vol. 5, June 2010. p. V5-276-80.
52. Y. Hu, D.-m. Chiu, J.C.S. Lui, and S. Member Entropy based adaptive flow aggregation IEEE/ACM Transactions on Networking 17 3 2009 698 711
53. Internet Traffic Classification. 〈 http://www.caida.org/research/ traffic-analysis/classification-overview/ 〉. Retrieved June 3, 2012.
54. Introduction to Cisco IOS ® NetFlow - a technical overview. 〈 http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ prod-white-paper0900aecd80406232.html 〉. Retrieved June 3, 2012.
55. IPFIX. 〈 http://datatracker.ietf.org/wg/ipfix/ 〉. Retrieved September 13, 2012.
56. H. Jiang, Z. Ge, S. Jin, and J. Wang Network prefix-level traffic profiling characterizing, modeling, and evaluation Computer Networks 54 December (18) 2010 3327 3340
57. Jiang H, Moore AW, Ge Z, Jin S, Wang J. Lightweight application classification for network management. In: Proceedings of the 2007 SIGCOMM workshop on Internet network management INM 07, 2007. p. 299.
58. Jinsong W, Weiwei L, Yan Z, Tao L, Zilong W. P2P traffic identification based on NetFlow TCP flag. In: International conference on future computer and communication, 2009. ICFCC 2009. April 2009. p. 700-3.
59. Kalafut AJ, Van Der Merwe J, Gupta M. Communities of interest for internet traffic prioritization. In: IEEE INFOCOM workshops 2009, 2009. p. 1-6.
60. T. Karagiannis, K. Papagiannaki, and M. Faloutsos BLINC multilevel traffic classification in the dark SIGCOMM Computer Communication Review 35 August (4) 2005 229 240
61. Ke-xin Y, Jian-qi Z. A novel DoS detection mechanism. In: 2011 international conference on mechatronic science, electric engineering and computer (MEC), 2011. p. 296-8.
62. Kerr DR, Bruins BL. Network flow switching and flow data export. US Patent Number US 6243667, 2001.
63. Kim H, Claffy KC, Fomenkov M, Barman D, Faloutsos M, Lee K. Internet traffic classification demystified: myths, caveats, and the best practices. In: Proceedings of the 2008 ACM CoNEXT conference, CoNEXT '08, New York, NY, USA: ACM; 2008. p. 11:1-12.
64. Kim M-S, Kong H-J, Hong S-C, Chung S-H, Hong JW. A flow-based method for abnormal network traffic detection. In: Network operations and management symposium, 2004. NOMS 2004. IEEE/IFIP, vol. 1, April 2004. p. 599-612.
65. Kind A, Gantenbein D, Etoh H. 2006 Relationship discovery with netflow to enable business-driven IT management. In: The first IEEE/IFIP international workshop on business-driven IT management, 2006, BDIM '06, April 2006. p. 63-70.
66. Kitatsuji Y, Yamazaki K. A distributed real-time tool for IP-flow measurement. In: 2004 international symposium on applications and the Internet, 2004. Proceedings, 2004. p. 91-8.
67. Köandgel J. One-way delay measurement based on flow data: quantification and compensation of errors by exporter profiling. In: 2011 International conference on information networking (ICOIN), 2011. p. 25-30.
68. Kobayashi A, Toyama K. Method of measuring VoIP traffic fluctuation with selective sFlow. In: 2007 International symposium on applications and the internet workshops. IEEE; 2007. p. 89.
69. Kotsokalis C, Kalogeras D, Maglaris B. Router-based detection of DoS and DDoS attacks. In: Proceedings of HP OpenView university association HPOVUA 8th annual workshop, 2001.
70. Krmicek V, Vykopal, J, Krejci R. Netflow based system for NAT detection. In: Proceedings of the 5th international student workshop on emerging networking experiments and technologies. ACM; 2009. p. 23-4.
71. S.R. Kundu, S. Pal, K. Basu, and S.K. Das An architectural framework for accurate characterization of network traffic IEEE Transactions on Parallel and Distributed Systems 20 1 2009 111 123
72. A. Lakhina, M. Crovella, and C. Diot Mining anomalies using traffic feature distributions SIGCOMM Computer Communication Review 35 August (4) 2005 217 228
73. A. Lakhina, K. Papagiannaki, M. Crovella, C. Diot, E.D. Kolaczyk, and N. Taft Structural analysis of network traffic flows SIGMETRICS Performance Evaluation Review 32 June (1) 2004 61 72
74. Lakkaraju K, Yurcik W, Lee AJ. NVisionIP: netflow visualizations of system state for security situational awareness. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security, vol. 29, 2004. p. 65-72.
75. S. Lau The spinning cube of potential doom Communications of the ACM 47 June (6) 2004 25 26
76. C.-y. Lee, H.-k. Kim, K.-h. Ko, and J.-w. Kim A VoIP traffic monitoring system based on NetFlow v9 International Journal of Advanced Science and Technology 4 2009 1 8
77. Lee M, Hajjat M, Kompella RR, Rao S. RelSamp: preserving application structure in sampled flow measurements. In: INFOCOM, 2011 Proceedings IEEE, April 2011. p. 2354-62.
78. Lee M, Member S, Duffield N. Opportunistic flow-level latency estimation using consistent NetFlow. IEEE/ACM Transaction on Networking 2011:1-14.
79. Lee Y, Kang W, Lee Y. A hadoop-based packet trace processing tool. In: Proceedings of the third international conference on traffic monitoring and analysis, TMA'11. Berlin, Heidelberg: Springer-Verlag; 2011. p. 51-63.
80. Li Y. Study of the monitoring model for securities trading network Quality of Service. In: 2nd international conference on information science and engineering (ICISE), 2010, 2010. p. 1-4.
81. C. Liang, and G. Jian Fast application-level traffic classification using Net Flow records Journal on Communications 33 1 2012 145 152
82. Liu D, Huebner F. Application profiling of IP traffic. In: 27th annual IEEE conference on local computer networks, 2002. Proceedings. LCN 2002, 2002. p. 220-9.
83. Liu X-W, Wang H-Q, Liang Y, Lai J-B. Heterogeneous multi-sensor data fusion with multi-class support vector machines: creating network security situation awareness. In: 2007 international conference on machine learning and cybernetics, vol. 5, 2007. p. 2689-94.
84. Mansman F, Meier L, Keim DA. Visualization of host behavior for network security. Network Security 2007:187-202.
85. Mansmann F, Fischer F, Keim DA, Pietzko S, Waldvogel M. Interactive analysis of netflows for misuse detection in large IP networks. In: Müller P, Neumair B, Rodosek GD, editors. DFN-Forum Kommunikationstechnologien, LNI, vol. 149, GI, 2009. p. 115-24.
86. McPherson J, Ma K-L, Krystosk P, Bartoletti T, Christensen M. PortVis: a tool for port-based detection of security events. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security, VizSEC/DMSEC '04, ACM: New York, NY, USA; 2004. p. 73-81.
87. Melnikov N, Schönwälder J. Cybermetrics: user identification through network flow analysis. In: Stiller B, De Turck F, editors. Mechanisms for autonomous management of networks and services. Lecture notes in computer science, vol. 6155. Berlin, Heidelberg: Springer; 2010. p. 167-70.
88. Minarik P, Dymacek T. NetFlow data visualization based on graphs. Visualization for computer security, 2008. p. 144-51.
89. Minarik P, Vykopal J, Krmicek V. Improving host profiling with bidirectional flows. In: International conference on computational science and engineering, 2009. CSE '09, vol. 3, 2009. p. 231-7.
90. Moghaddam S, Helmy A. SPIRIT: a simulation paradigm for realistic design of mature mobile societies. In: Wireless communications and mobile computing conference (IWCMC), 2011 7th international, July 2011. p. 232-7.
91. Morariu C, Kramis T, Stiller B. DIPStorage: distributed storage of IP flow records. In: 16th IEEE workshop on local and metropolitan area networks, 2008. LANMAN 2008. 2008. p. 108-13.
92. Morariu C, Racz P, Stiller B. SCRIPT: a framework for scalable real-time ip flow record analysis. In: Network operations and management symposium (NOMS), 2010 IEEE, April 2010. p. 278-85.
93. Morariu C, Stiller B. DiCAP: distributed packet capturing architecture for high-speed network links. In: 33rd IEEE conference on local computer networks, 2008. LCN 2008, 2008. p. 168-75.
94. Morariu C, Stiller B. Distributed architecture for real-time traffic analysis. In: Proceedings of the mechanisms for autonomous management of networks and services, and 4th international conference on autonomous infrastructure, management and security, AIMS'10. Springer-Verlag: Berlin, Heidelberg; 2010. p. 171-4.
95. Morariu C, Stiller B. An open architecture for distributed IP traffic analysis (DITA). In: 2011 IFIP/IEEE international Symposium on integrated network management (IM), May 2011. p. 952-7.
96. Morken JT. Distributed NetFlow processing using the map-reduce model. Master's thesis, Norwegian University of Science and Technology; 2010.
97. Nagaraj K, Naidu KVM, Rastogi R, Satkin S. Efficient aggregate computation over data streams. In: IEEE 24th international conference on data engineering, 2008. ICDE 2008. April 2008. p. 1382-4.
98. NetFlow applications 〈 http://netflow.caligare.com/applications.htm 〉. Retrieved September 13, 2012.
99. NFSen - Netflow Sensor. 〈 http://nfsen.sourceforge.net/ 〉. Retrieved September 13, 2012.
100. T.T.T. Nguyen, and G. Armitage A survey of techniques for Internet traffic classification using machine learning Communications Surveys Tutorials, IEEE 10 4 2008 56 76
101. S.M. Nor, and A.B. Mohd Towards a flow-based internet traffic classification for bandwidth optimization International Journal of Computer Science and Security 3 3 2009 146
102. Oberheide J, Goff M, Karir M. Flamingo: visualizing internet traffic. In: Network operations and management symposium, 2006. NOMS 2006. 10th IEEE/IFIP, April 2006. p. 150-61.
103. Oslebo A. Stager a web based application for presenting network statistics. In: Network operations and management symposium, 2006. NOMS 2006. 10th IEEE/IFIP, April 2006, p. 1-15.
104. Patwari N, Hero AO, Pacholski A. Manifold learning visualization of network traffic data. In: Proceeding of the 2005 ACM SIGCOMM workshop on mining network data MineNet 05, 2005. p. 191.
105. Perelman V, Melnikov N, Schönwälder J. Flow signatures of popular applications. In: Agoulmine N, Bartolini C, Pfeifer T, O'Sullivan D, editors. Integrated network management, IEEE; 2011. p. 9-16.
106. Plonka D. FlowScan: a network traffic flow reporting and visualization tool. In: Proceedings of the 14th USENIX conference on system administration. Berkeley, CA, USA: USENIX Association; 2000. p. 305-18.
107. A. Proto, L.A. Alexandre, M.L. Batista, I.L. Oliveira, and A.M. Cansian Statistical model applied to netflow for network intrusion detection Transactions on Computational Science 11 2010 179 191
108. Qun W, Xiuyue D, Lu H. Novelty P2P flow analysis system. In: 7th International conference on wireless communications, networking and mobile computing (WiCOM), 2011, 2011. p. 1-4.
109. Rehak M, Pechoucek M, Celeda P, Krmicek V, Grill M, Bartos K. Multi-agent approach to network intrusion detection. In: Proceedings of the 7th international joint conference on autonomous agents and multiagent systems demo papers. International foundation for autonomous agents and multiagent systems, 2008. p. 1695-6.
110. Rehak M, Pechoucek M, Minarik P. Collaborative attack detection in high-speed networks. Analysis. Lecture notes in artificial intelligence, vol. 4696. 2007. p. 73-82.
111. P. Ren, Y. Gao, Z. Li, Y. Chen, and B. Watson IDGraphs intrusion detection and analysis using stream compositing Computer Graphics and Applications IEEE 26 2 2006 28 39
112. Ricciato F, Strohmeier F, Dorfinger P, Coluccia A. One-way loss measurements from IPFIX records. In: 2011 IEEE international workshop on measurements and networking proceedings (M N), 2011. p. 158-63.
113. Rohmad MS, Azmat F, Manaf M, Manan J-l. Enhanced Netflow version 9 (e-Netflow v9) for network mediation: structure, experiment and analysis. In: International symposium on information technology, 2008. ITSim 2008, vol. 3, 2008. p. 1-6.
114. Rossi D, Valenti S. Fine-grained traffic classification with netflow data. In: Proceedings of the 6th international wireless communications and mobile computing conference on ZZZ IWCMC 10, 2010. p. 479.
115. sFlow Collectors. 〈 http://www.sflow.org/products/collectors.php 〉. Retrieved September 13, 2012.
116. Sawaya Y, Kubota A, Miyake Y. Detection of attackers in services using anomalous host behavior based on traffic flow statistics. In: 2011 IEEE/IPSJ 11th international symposium on applications and the internet (SAINT), July 2011. p. 353-9.
117. Schatzmann D, Leinen S, Kögel J, Mühlbauer W. FACT: flow-based approach for connectivity tracking. In: Spring N, Riley GF, editors. PAM, Lecture notes in computer science, vol. 6579. Springer; 2011. p. 214-23.
118. Schatzmann D, Mühlbauer W, Spyropoulos T, Dimitropoulos X. Digging into HTTPS: flow-based classification of webmail traffic. In: Proceedings of the 10th annual conference on internet measurement, IMC '10. New York, NY, USA: ACM; 2010. p. 322-7.
119. Sekar V, Reiter MK, Willinger W, Zhang H, Kompella RR, Andersen DG. cSamp: a system for network-wide flow monitoring. In: Proceedings of the 5th USENIX NSDI, San Francisco, CA, April 2008.
120. D.S. Shelley, and M.H. Gunes Gerbilsphere inner sphere network visualization Computer Networks 56 3 2012 1016 1028
121. Shen W, Chen Y, Zhang Q, Chen Y, Deng B, Li X, et al. Observations of IPv6 traffic. In: ISECS international colloquium on computing, communication, control, and management, 2009. CCCM 2009, vol. 2, 2009. p. 278-82.
122. Singh MP, Subramanian N, Rajamenakshi R. Visualization of flow data based on clustering technique for identifying network anomalies. In: IEEE symposium on industrial electronics applications, 2009. ISIEA 2009, vol. 2, 2009. p. 973-8.
123. Sinha A, Mitchell K, Medhi D. Flow-level upstream traffic behavior in broadband access networks: DSL versus broadband fixed wireless. In: 3rd IEEE workshop on IP operations and management, 2003. (IPOM 2003). 2003. p. 135-41.
124. Slagell AJ, Luo K. Sharing network logs for computer forensics: a new tool for the anonymization of netflow records. In: Workshop of the 1st international conference on security and privacy for emerging areas in communication networks 2005, 2005. p. 37-42.
125. Sommer R, Paxson V. Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy, 2010. p. 305-16.
126. M. Soysal, and E.G. Schmidt Machine learning algorithms for accurate flow-based network traffic classification evaluation and comparison Performance Evaluation 67 June (6) 2010 451 467
127. Sperotto A, Pras A. Flow-based intrusion detection. In: Agoulmine N, Bartolini C, Pfeifer T, O'Sullivan D, editors. Integrated network management. IEEE; 2011. p. 958-63.
128. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller An overview of ip flow-based intrusion detection Communications Surveys Tutorials, IEEE 12 3 2010 343 356
129. Strasburg C, Krishnan S, Dorman K, Basu S, Wong JS. Masquerade detection in network environments. In: 10th IEEE/IPSJ international symposium on applications and the Internet (SAINT), 2010, July 2010. p. 38-44.
130. Strohmeier F, Dorfinger P, Trammell B. Network performance evaluation based on flow data. In: Wireless communications and mobile computing conference (IWCMC), 2011 7th International, July 2011. p. 1585-9.
131. Sukhov AM, Sidelnikov DI, Galtsev AA, Platonov AP, Strizhov MV. Active flows in diagnostic of troubleshooting on backbone links. CoRR, abs/0911.2, 2009.
132. Taylor T, Brooks S, McHugh J. NetBytes viewer: an entity-based NetFlow visualization utility for identifying intrusive behavior. VizSEC 2007, 2008. p. 101-14.
133. Taylor T, Paterson D, Glanfield J, Gates C, Brooks S, McHugh J. FloVis: flow visualization system. In: Conference for homeland security, 2009. CATCH '09. Cybersecurity applications technology, March 2009. p. 186-98.
134. Trammell B, Tellenbach B, Schatzmann D, Burkhart M. Peeling away timing error in netflow data. In: Spring N, Riley GF, editors. PAM, Lecture notes in computer science, vol. 6579. Springer; 2011. p. 194-203.
135. P. Truong, and F. Guillemin A heuristic method of finding heavy hitter prefix pairs in IP traffic Communications Letters, IEEE 13 October (10) 2009 803 805
136. Valenti S, Rossi D. Identifying key features for P2P traffic classification. In: 2011 IEEE international conference on communications, ICC. IEEE; 2011. p. 1-6.
137. Vliek G. Detecting spam machines, a netflow-data based approach. February 2009.
138. Vykopal J, Plesnik T, Minarik P. Network-based dictionary attack detection. In: 2009 international conference on future networks, March 2009. p. 23-7.
139. Wagner A, Dubendorfer T, Hammerle L, Plattner B. Flow-based identification of P2P heavy-hitters. International conference on internet surveillance and protection, 00(c), 2006. p. 15.
140. Wagner C, François J, State R, Engel T. Machine learning approach for IP-flow record anomaly detection. In: Proceedings of the 10th international IFIP TC 6 conference on Networking - volume part I, NETWORKING'11. Berlin, Heidelberg: Springer-Verlag; 2011. p. 28-39.
141. Wagner C, Francois J, State R, Engel T. DANAK: finding the odd! In: 5th International conference on network and system security (NSS), 2011, 2011. p. 161-8.
142. Wagner C, Wagener G, State R, Engel T, Dulaunoy A. Game theory driven monitoring of spatial-aggregated IP-Flow records. In: 2010 International conference on network and service management (CNSM), 2010. p. 463-8.
143. Wang S, Guo R. GA-based filtering algorithm to defend against DDoS attack in high speed network. In: Fourth international conference on natural computation, 2008. ICNC '08. vol. 1, 2008. p. 601-7.
144. Wei S, Mirkovic J, Kissel E. Profiling and clustering internet hosts. In: DMIN'06, 2006. p. 269-75.
145. D. Weinberger The machine that would predict the future Scientific American 305 6 2011 52 57
146. Weststrate H. Botnet detection using netflow information finding new botnets based on client connections. In: Structure, 2009.
147. Winter P, Hermann E, Zeilinger M. Inductive intrusion detection in flow-based network data using one-class support vector machines. In: 4th IFIP international conference on new technologies, mobility and security (NTMS), 2011, 2011. p. 1-5.
148. Xu B, Chen M, Hu C. DEAPFI: a distributed extensible architecture for P2P flows identification. In: IEEE international conference on network infrastructure and digital content, 2009. IC-NIDC 2009. 2009. p. 59-64.
149. Xu K, Wang F, Gu L. Network-aware behavior clustering of Internet end hosts. In: INFOCOM, 2011 Proceedings IEEE, April 2011. p. 2078-86.
150. K. Xu, Z.-L. Zhang, and S. Bhattacharyya Profiling Internet backbone traffic behavior models and applications SIGCOMM Computer Communication Review 35 August (4) 2005 169 180
151. Yin K, Nianqing T. Study on the risk detection about network security based on grey theory. In: International forum on information technology and applications, 2009. IFITA '09, vol. 1, May 2009. p. 411-3.
152. Yin X, Yurcik W, Treaster M, Li Y, Lakkaraju K. VisFlowConnect: netflow visualizations of link relationships for security situational awareness. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security, VizSEC/DMSEC '04. ACM; 2004. p. 26-34.
153. Zadnik M, Pecenka T, Korenek J. Netflow probe intended for high-speed networks. In: International conference on field programmable logic and applications, 2005. 2005. p. 695-8.
154. Zeng Y, Hu X, Shin KG. Detection of botnets using combined host- and network-level information. In: Symposium a quarterly journal in modern foreign literatures, 2010. p. 291-300.
155. Zha W, He J. On campus network P2P and its link control. In: 2011 international conference on consumer electronics, communications and networks (CECNet), April 2011. p. 5086-9.
156. H. Zhang Study on the TOPN abnormal detection based on the netflow data set Computer and Information Science 2 3 2009 103 108
157. Zhang J, Meng S. A design of NetFlow traffic statistic and analysis system for process of the transition of commercialization of IPV6. In: 2011 International conference on computer science and service system (CSSS), June 2011. p. 963-5.
158. Y.B. Zhang, B.B. Fang, and H. Luo Identifying high-rate flows based on sequential sampling Ieice Transactions on Information and Systems E93-D 5 2010 1162 1174
159. Zhenqi W, Xinyu W. NetFlow based intrusion detection system. In: 2008 International conference on multimedia and information technology, 2008. p. 825-8.
160. Zhu H, Zhang X, Ding W. Research on errors of utilized bandwidth measured by netflow. In: 2011 Second international conference on networking and distributed computing (ICNDC), 2011. p. 45-9.
161. Zhu Z, Lu G, Chen Y, Fu ZJ, Roberts P, Han K. Botnet research survey. In: Computer software and applications, 2008. COMPSAC '08. 32nd annual IEEE international, 2008. p. 967-72.