The NEMEA project (Network Measurements Analysis) aims to create a framework which allows an assembly of a system for automated real-time analysis of data gathered by network monitoring processes.

Such a system consists of separate building blocks called modules which are interconnected by interfaces. A module is a separate system process receiving a stream of data on its input interface(s), processing it, and sending another stream of data through module’s output interfaces(s). There are modules for data acquisition (e.g. receiving NetFlow/IPFIX records), preprocessing, detection of various types of malicious traffic or anomalies (network attacks, link failure…), postprocessing of detection results, logging and reporting.

Diagram with an example of a Nemea system

Example of a Nemea system

The key features of the NEMEA Framework are:

  • Modularity and flexibility
  • High throughput ( >100k flows/s on single server)
  • Stream-wise real-time processing
  • Distributability
  • Quick and easy implementation of new modules

The NEMEA Framework implements the communication layer, flexible format called UniRec and other common tasks.

Get the project

The project is developed at github:

There are some out-of-box instances for experiments in Releases:

RPM packages are released at Copr:

Further information

More information about this project can be found at project’s web:

We have a separate mailing list:

You can follow us on Twitter: @NEMEA_System