% DCF and FIV, March 2017
% Meta-analysis results (summary), flow-based

% Packet vs Flows
% ---------------
Total papers, 71
Papers defining flow-analysis, 59
Papers defining packet-analysis, 12

% Flow-keys
% ---------------
% False: one-directional flows
% True, separate_directions: bi-directional flows

% key, nr_of_uses
False ['destinationIPv4Address', 'sourceIPv4Address'], 2
separate_directions ['destinationIPv4Address', 'destinationTransportPort', 'protocolIdentifier', 'sourceIPv4Address', 'sourceTransportPort'], 23
False ['destinationIPv4Address', 'destinationTransportPort', 'ingressPhysicalInterface', 'ipClassOfService', 'protocolIdentifier', 'sourceIPv4Address', 'sourceTransportPort'], 2
True ['destinationIPv4Address', 'destinationTransportPort', 'sourceIPv4Address', 'sourceTransportPort'], 1
False ['destinationIPv4Address', 'destinationTransportPort', 'octetTotalCount', 'protocolIdentifier', 'sourceIPv4Address', 'sourceTransportPort'], 1
False ['destinationIPv4Address', 'destinationTransportPort', 'protocolIdentifier', 'sourceIPv4Address', 'sourceTransportPort'], 3
False ['destinationIPv4Address', 'protocolIdentifier', 'sourceIPv4Address'], 2
separate_directions ['destinationIPv4Address', 'destinationTransportPort', 'flowStartSeconds', 'sourceIPv4Address', 'sourceTransportPort'], 1
separate_directions ['destinationIPv4Address', 'destinationTransportPort', 'sourceIPv4Address', 'sourceTransportPort'], 3
False ['destinationIPv4Address', 'destinationTransportPort', 'sourceIPv4Address', 'sourceTransportPort'], 2
separate_directions [], 1 % no key, flow aggregation
False ['destinationIPv4Address', 'sourceIPv4Address', 'sourceTransportPort'], 1
True ['destinationIPv4Address', 'sourceIPv4Address'], 1
True ['destinationIPv4Address', 'destinationTransportPort', 'protocolIdentifier', 'sourceIPv4Address', 'sourceTransportPort'], 5
True [], 5 % no key, flow aggregation
False ['destinationIPv4Address', 'destinationTransportPort', 'protocolIdentifier', 'sourceIPv4Address'], 1

Analysis with flow-key, 48
Analysis with flow aggregation, 6
Analysis with 5-tuple {srcIP|dstIP|srcPort|dstPort|protocol}, 31
Bi-directional analysis (flow-key), 34 
One-directional analysis (flow-key), 14