SCRIPT: A framework for Scalable Real-time IP Flow Record Analysis

Analysis of IP traffic is highly important, since it determines the starting point of many network management operations, such as intrusion detection, network planning, network monitoring, or accounting and billing. One of the most utilized metering data formats in analysis applications are IP (Internet Protocol) flow records. With the increase of IP traffic, such traffic analysis applications need to cope with a constantly increasing number of flow records. Typically, centralized approaches to IP traffic analysis have scalability problems, which are addressed by replacing existing hardware with more powerful CPUs and faster memory. In contrast, this paper developed and implemented SCRIPT (Scalable Real-time IP Flow Record Analysis), which defines a scalable analysis framework that can be used to distribute flow records to multiple nodes performing traffic analysis in order to balance the overall workload among those nodes. Due to its generic design, the framework developed can be extended and used to distribute other metering data, such as packet headers, payloads, or accounting records.