CICFlowMeter (Formerly ISCXFlowMeter)

Network traffic Flow analyzer:

NetFlowMeter is a network traffic flow generator which has been written in Java and offers more flexibility in terms of choosing the features you want to calculate, adding new ones, and also having a better control of the duration of the flow timeout. CICFlowMeter generates Bidirectional Flows (Biflow), where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the 83 statistical features such as Duration, Number of packets, Number of bytes, Length of packets, etc are also calculated separately in the forward and reverse direction. The output of the application is the CSV file format with six columns labeled for each flow, namely FlowID, SourceIP, DestinationIP, SourcePort, DestinationPort, and Protocol with more than 80 network traffic features. Note that TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme, e.g. 600 seconds for both TCP and UDP.

Feature NameDescription
FedurationDuration of the flow in Microsecond
total_fpacketsTotal packets in the forward direction
total_bpacketsTotal packets in the backward direction
total_fpktlTotal size of packet in forward direction
total_bpktlTotal size of packet in backward direction
min_fpktlMinimum size of packet in forward direction
min_bpktlMinimum size of packet in backward direction
max_fpktlMaximum size of packet in forward direction
max_bpktlMaximum size of packet in backward direction
mean_fpktlMean size of packet in forward direction
mean_bpktlMean size of packet in backward direction
std_fpktlStandard deviation size of packet in forward direction
std_bpktlStandard deviation size of packet in backward direction
total_fiatTotal time between two packets sent in the forward direction
total_biatTotal time between two packets sent in the backward direction
min_fiatMinimum time between two packets sent in the forward direction
min_biatMinimum time between two packets sent in the backward direction
max_fiatMaximum time between two packets sent in the forward direction
max_biatMaximum time between two packets sent in the backward direction
mean_fiatMean time between two packets sent in the forward direction
mean_biatMean time between two packets sent in the backward direction
std_fiatStandard deviation time between two packets sent in the forward direction
std_biatStandard deviation time between two packets sent in the backward direction
fpsh_cntNumber of times the PSH flag was set in packets travelling in the forward direction (0 for UDP)
bpsh_cntNumber of times the PSH flag was set in packets travelling in the backward direction (0 for UDP)
furg_cntNumber of times the URG flag was set in packets travelling in the forward direction (0 for UDP)
burg_cntNumber of times the URG flag was set in packets travelling in the backward direction (0 for UDP)
total_fhlenTotal bytes used for headers in the forward direction
total_bhlenTotal bytes used for headers in the forward direction
fPktsPerSecondNumber of forward packets per second
bPktsPerSecondNumber of backward packets per second
flowPktsPerSecondNumber of flow packets per second
flowBytesPerSecondNumber of flow bytes per second
min_flowpktlMinimum length of a flow
max_flowpktlMaximum length of a flow
mean_flowpktlMean length of a flow
std_flowpktlStandard deviation length of a flow
min_flowiatMinimum inter-arrival time of packet
max_flowiatMaximum inter-arrival time of packet
mean_flowiatMean inter-arrival time of packet
std_flowiatStandard deviation inter-arrival time of packet
flow_finNumber of packets with FIN
flow_synNumber of packets with SYN
flow_rstNumber of packets with RST
flow_pshNumber of packets with PUSH
flow_ackNumber of packets with ACK
flow_urgNumber of packets with URG
flow_cwrNumber of packets with CWE
flow_eceNumber of packets with ECE
downUpRatioDownload and upload ratio
avgPacketSizeAverage size of packet
fAvgSegmentSizeAverage size observed in the forward direction
fAvgBytesPerBulkAverage number of bytes bulk rate in the forward direction
fAvgPacketsPerBulkAverage number of packets bulk rate in the forward direction
fAvgBulkRateAverage number of bulk rate in the forward direction
bAvgSegmentSizeAverage size observed in the backward direction
bAvgBytesPerBulkAverage number of bytes bulk rate in the backward direction
bAvgPacketsPerBulkAverage number of packets bulk rate in the backward direction
bAvgBulkRateAverage number of bulk rate in the backward direction
sflow_fpacketThe average number of packets in a sub flow in the forward direction
sflow_fbytesThe average number of bytes in a sub flow in the forward direction
sflow_bpacketThe average number of packets in a sub flow in the backward direction
sflow_bbytesThe average number of bytes in a sub flow in the backward direction
min_activeMinimum time a flow was active before becoming idle
mean_activeMean time a flow was active before becoming idle
max_activeMaximum time a flow was active before becoming idle
std_activeStandard deviation time a flow was active before becoming idle
min_idleMinimum time a flow was idle before becoming active
mean_idleMean time a flow was idle before becoming active
max_idleMaximum time a flow was idle before becoming active
std_idleStandard deviation time a flow was idle before becoming active
Init_Win_bytes_forwardThe total number of bytes sent in initial window in the forward direction
Init_Win_bytes_backwardThe total number of bytes sent in initial window in the backward direction
Act_data_pkt_forwardCount of packets with at least 1 byte of TCP data payload in the forward direction
min_seg_size_forwardMinimum segment size observed in the forward direction
For citation in your works or to learn more about CICFlowMeter, see the following published papers:

Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceedings of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017

Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, Characterization of Encrypted and VPN Traffic Using Time-Related Features", In the proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pages 407-414, Italy, 2016

Our other published papers which used CICFlowMeter:
Iman Sharafaldin, Amirhossein Gharib, Arash Habibi Lashkari, Ali A. Ghorbani, "Towards a Reliable Intrusion Detection Benchmark Dataset", River Journal, Vol 2017, Issue 1, P 177-200, Software Networking Journal, River Publishers, 2017.

Arash Habibi Lashkari, Andi Fitriah A.Kadir, Hugo Gonzalez, Kenneth Fon Mbah and Ali A. Ghorbani, Towards a Network-Based Framework for Android Malware Detection and Characterization, In the proceeding of the 15th International Conference on Privacy, Security and Trust, PST, Calgary, Canada, 2017.

Arash Habibi Lashkari, Gerard Draper Gil, Jonathan Edward Keenan, Kenneth Fon Mbah, Ali A. Ghorbani, "A New Evaluation framework for Network Traffic base Botnet Detection Methods", 7th International Conference on Communication and Network Security (ICCNS), Japan, 2017.