History LogoHISTORY - HIgh Speed neTwork mOnitoRing and analYsis
RI Logo A research project by
Network Architectures and Services, Technische Universität München  &  Computer Networks and Communication Systems, University of Erlangen
i7 Logo


The aim of this project is to build an architecture, methods, and tools for distributed network monitoring and analysis. The HISTORY architecture allows gathering information about network traffic at high-speed and at distributed network monitors. The monitoring information is delivered to one or more collectors for further analysis using standardized protocols such as IPFIX (IP Flow Information eXport) and PSAMP (Packet SAMPling). Envisioned applications are accounting and charging, attack and intrusion detection, and traceback.Visualization techniques and anonymization methods round off the big picture. The studied analysis methods are validated in experimental environments as well as in simulated networks. Finally, we also investigate solutions for remotely configuring distributed network monitors.
The developed methodologies for monitoring, storing, analyzing high numbers of packets and flows are suitable for deployment on inexpensive low-end hardware. All published tools will be available under an open source license. The usage of standard protocols allows deploying other standard-conform products and implementations within our architecture and makes it possible to use selected components of our architecture in other contexts as well.

Project Objectives:

  • Building a distributed architecture for network monitoring and analysis 
  • Deployment of standardized protocols such as IPFIX and PSAMP for efficient export of monitoring information 
  • Development of methodologies for monitoring packets and flows in high-speed networks with inexpensive standard hardware (e.g. Linux PC) 
  • Remote configuration of network monitors
  • Research on and implementation of novel monitoring functions and useful protocol extensions 
  • Provision of a platform for a wide range of applications such as accounting, charging, traffic engineering, attack and intrusion detection, and traceback 
  • Study and implementation of appropriate anonymization techniques 
  • Research on flow-based anomaly detection
  • Validation in real-world scenarios, experimental environments, and simulated networks 
  • Development of tools for automated testbed configuration and flexible traffic generation in experimental environments


  • Network monitoring, flow accounting, packet sampling 
  • Traffic analysis 
  • Accounting, attack and intrusion detection, traceback 
  • Experimental environment, automated testbed setup, flexible traffic generation 
  • Network simulation