Scalable and Robust Decentralized IP Traffic Flow Collection and Analysis (SCRIPT)

The increasing number of IP flows over future very high-speed links will become a challenge to traditional centralized solutions for IP traffic flow collection and analysis because of their high demand for storage and processing resources, which are limited and costly. Considerable research has gone into finding smart sampling methods that reduce the number of IP packets and IP flows that need to be processed and stored while keeping a high level of accuracy. Sampling has proven to be a valid approach to reducing the processing and storage load. However, for certain applications that require a high level of accuracy, such as usage-based accounting and intrusion detection, sampling methods alone will not suffice for a centralized solution to scale to the increasing and highly variable load of IP flow records to be collected and analyzed.

General Information

Reference: Industrial Project
Source of funding: Cisco, Silicon Valley Community Foundation
Project Duration: May 1, 2008 - April 30, 2009
Official Project Home Page:

Project Overview

The goal of the SCRIPT project is to develop a scalable and robust decentralized architecture (called SCRIPT) for collecting and analyzing IP flow records with the necessary level of accuracy. The key idea is to utilize resources of a large number of nodes, which collaboratively store and process IP flow records in a highly scalable, robust, and flexible manner.

Furthermore, the project aims to develop self-configuration mechanisms that will allow new nodes to be easily added to or removed from the flow collection and analysis network. An important advantage of this approach is the possibility to gradually increase storage and processing capacities compared to a complete replacement of devices when the number of IP flows increases.

Finally, by offering fast access to multiple-resolution aggregation of flow data, SCRIPT will be applicable to several IP traffic analysis scenarios such as flow accounting, flow path monitoring, and distributed intrusion detection systems (IDS).



  • Cristian Morariu, Burkhard Stiller: A Distributed Architecture for IP Traffic Analysis. 1st International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2007), June 21-22, 2007, Oslo, Norway, Eds.: A. K. Bandara, M. Burgess, Lecture Notes in Computer Science (LNCS), Vol. 4543, ISBN 3-540-72985-2, Springer, Berlin, pp. 216-220.
  • Cristian Morariu, Manuel Feier, Burkhard Stiller: LINUBIA: A Linux-supported User-based IP Accounting. 18th IFIP/IEEE International Workshop on Distributed Systems: Operation and Management (DSOM 2007), October 29-31, 2007, San José, California, U.S.A., Eds.: Alexander Clemm, Lisandro Granville, Rolf Stadler, Lecture Notes in Computer Science (LNCS), Vol. 4785, ISBN 3-540-75693-0, Springer, Berlin, pp. 229-241.

UZH Personnel


Inquiries may be directed to the local Swiss project management:

Prof. Dr. Burkhard Stiller
University of Zürich, IFI
Binzmühlestrasse 14
CH-8050 Zürich
Phone: +41 44 635 67 10
Fax: +41 44 635 68 09