Go with the (net)flow: a tale of fixing ML-based network flow analysis

Presented at No Hat 2025 by

In the context of network intrusion detection, machine learning (ML)-based flow analysis is extremely common in the scientific literature. The first step of flow analysis is the process of parsing network packets and generating a list of network streams, a task performed by tools known as flow generators. As part of our research efforts in the field of ML-based network intrusion detection, we identified a number of issues in one of the most widely used tools. In this presentation, we will introduce our open-source tool, NetFlowMeter, and provide an overview of the problems it aims to address, focusing on both correctness and performance. Furthermore, we will explore some of our use cases in real-world scenarios for detecting network-based attacks.