Tools for managing network traffic flows: A comparative analysis

Over the years, the number of elements in a corporate network, its services and the amount of traffic have grown significantly. For this reason, it is increasingly important to analyze the traffic. Packet-based analysis is the traditional option, but it entails high resource consumption. Flow-based analysis has emerged to mitigate this. It usually involves deploying a flow exporter, responsible for generating the flows from the network packets, and a flow collector, in charge of receiving, storing and preprocessing the exported flows. This paper provides a study of flow exporters and collectors. To the best of our knowledge, there is little work dealing with the resources consumed by this kind of tool. Specifically, available memory, CPU load and volume of traffic have been monitored. Using a well-known dataset, packets have been sent to exporters and collectors in order to observe how they behave.
