search menu icon-carat-right cmu-wordmark

IPFIX and DPI Information in a Big Data Environment

This presentation describes several tools for processing IPFIX flow data with DPI details.

Software Engineering Institute



This presentation was given at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.

Classic flow processing tool suites have analyzed network connection summaries with limited detail. Such limits have been used to maintain long-baseline data, to focus on security-indicative data, and to collect data across very large or complex network infrastructures. However, analysis results based on this data typically provide only indications of behaviors rather than identifying behaviors with high confidence. In this talk, we will show how to increase confidence in identification with the use of IPFX flow data with Deep Packet Inspection (DPI) details. We will discuss processing solutions which operate in Apache Spark environments, facilitating analysis with the power and flexibility of development features and libraries that such environments provide. We will conclude with an example analysis showing the application of DPI in identifying network behaviors.

Attendees will learn about several tools for processing IPFIX flow data with DPI details. The analysis capabilities of Apache Spark will also be summarized. The example will highlight the applicability of this data in network security.

Part of a Collection

FloCon 2023 Assets

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.