PIF-Identifier: Accurate Low-Overhead Identification of Persistent Infrequent Flows in Network Traffic
Bing Xiong1, Zhuoxiong Li1, Yongqing Liu1, Yu Tang1, Jinyuan Zhao2,*
1 School of Computer Science and Technology, Changsha University of Science and Technology, Changsha, China
2 School of Information Science and Engineering, Changsha Normal University, Changsha, China
* Corresponding Author: Jinyuan Zhao. Email: 
Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.078464
Received 31 December 2025; Accepted 28 February 2026; Published online 26 March 2026
Abstract
Persistent Infrequent Flows (PIFs) refer to the packet flows that last for a long time but always at low frequencies in network traffic. Accurate identification of the PIFs plays a vital role in intrusion detection, attack prevention, traffic engineering, and other network fields. However, existing methods often require to save all flows for finding out the PIFs due to their infrequency feature, which brings about the problem of low identification accuracy and high memory overhead. To solve this problem, this paper proposes an accurate PIF identification method with low overhead called PIF-Identifier, composed of a new-flow discriminator and a PIF tracker. Specifically, we first design a compact new-flow discriminator by applying probabilistic data structures, to quickly determine whether a packet flow arrives for the first time within current time window. Then we design a PIF tracker to accurately identify and report persistent infrequent flows. In the PIF tracker, we configure a small-size frequency counter for each tracked flow in accordance with the frequency threshold of the PIF, without sacrificing the accuracy of PIF identification. Furthermore, we design a probabilistic replacement strategy based on the number of time windows of flow persistence, to accommodate newly arrived potential PIFs when there is no vacancy in their mapped buckets of the PIF tracker. Finally, we evaluate the performance of our proposed PIF-Identifier by theoretical analysis and experimental verification with real network traffic traces. Experimental results indicate that the PIF-Identifier achieves the precision of 100%, much higher recall rate and F1 score, as well as lower average relative error than the state-of-the-art methods, significantly promoting the identification performance of persistent infrequent flows.
Keywords
Network traffic measurement; persistent infrequent flows; low-overhead PIF identification; new-flow discriminator; probabilistic replacement strategy
Open Access
Login
Register
Submit a Paper
Propose a Special lssue
Download PDF
Downloads
Citation Tools
