Flow Aggregator Module for Analysing Network Traffic

  • Nour MoustafaEmail author
  • Gideon Creech
  • Jill Slay
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 710)


Network flow aggregation is a significant task for network analysis, which summarises the flows and improves the performance of intrusion detection systems (IDSs). Although there are some well-known flow analysis tools in the industry, such as NetFlow, sFlow and IPFIX, they can only aggregate one attribute at a time which increases networks’ overheads while running network analysis. In this paper, to address this challenge, we propose a new flow aggregator module which provides promising results compared with the existing tools using the UNSW-NB15 data set.


Network flow aggregation Intrusion detection system (IDS) Sampling techniques Association rule mining (ARM) 


  1. 1.
    Ahmed, M., Mahmood, A.N., Maher, M.J.: A novel approach for network traffic summarization. In: International Conference on Scalable Information Systems, pp. 51–60. Springer (2014)Google Scholar
  2. 2.
    Carela-Español, V., Barlet-Ros, P., Cabellos-Aparicio, A., Solé-Pareta, J.: Analysis of the impact of sampling on netflow traffic classification. Computer Networks 55(5), 1083–1099 (2011)Google Scholar
  3. 3.
    Cecil, A.: A summary of network traffic monitoring and analysis techniques. In: Conference on Instruction & Technology (CIT), pp. 10–25 (2012)Google Scholar
  4. 4.
    Cochran, W.G.: Sampling techniques. John Wiley & Sons (2007)Google Scholar
  5. 5.
    Duffield, N.: Sampling for passive internet measurement: A review. Statistical Science pp. 472–498 (2004)Google Scholar
  6. 6.
    Hulboj, M.M., Jurga, R.E.: Packet sampling and network monitoring (2007)Google Scholar
  7. 7.
    Kerr, D.R., Bruins, B.L.: Network flow switching and flow data export (2009). US Patent 7,475,156Google Scholar
  8. 8.
    Li, B., Springer, J., Bebis, G., Gunes, M.H.: A survey of network flow applications. Journal of Network and Computer Applications 36(2), 567–581 (2013)Google Scholar
  9. 9.
    Moustafa, N., Slay, J.: A hybrid feature selection for network intrusion detection systems: Central points (2015)Google Scholar
  10. 10.
    Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2015 4th International Workshop on, pp. 25–31. IEEE (2015)Google Scholar
  11. 11.
    Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS), 2015, pp. 1–6. IEEE (2015)Google Scholar
  12. 12.
    Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective 25(1–3), 18–31 (2016)Google Scholar
  13. 13.
    Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data 99, 1–1 (2017).
  14. 14.
    Nikolai, J., Wang, Y.: Hypervisor-based cloud intrusion detection system. In: Computing, Networking and Communications (ICNC), 2014 International Conference on, pp. 989–993. IEEE (2014)Google Scholar
  15. 15.
    Rieke, M., Dennis, J.S., Thorson, S.R.: Systems and methods for network data flow aggregation (2015). US Patent App. 14/974,378Google Scholar
  16. 16.
    Shirali-Shahreza, S., Ganjali, Y.: Flexam: flexible sampling extension for monitoring and security applications in openflow. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp. 167–168. ACM (2013)Google Scholar
  17. 17.
    Zhang, Y., Binxing, F., Hao, L.: Identifying high-rate flows based on sequential sampling. IEICE TRANSACTIONS on Information and Systems 93(5), 1162–1174 (2010)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. 1.The Australian Centre for Cyber SecurityUniversity of New South WalesCanberraAustralia

Personalised recommendations