Cross-Domain Elephant Flow Detection: A Unified Machine Learning Approach with Application-Aware and Security Features

Tabidah Usmani (National University of Computer; Emerging Sciences); Sara Zahid (National University of Computer; Emerging Sciences); Amna Javaid (National University of Computer; Emerging Sciences)

arXiv:2512.20637·cs.NI·December 25, 2025

Cross-Domain Elephant Flow Detection: A Unified Machine Learning Approach with Application-Aware and Security Features

Tabidah Usmani (National University of Computer, Emerging Sciences), Sara Zahid (National University of Computer, Emerging Sciences), Amna Javaid (National University of Computer, Emerging Sciences)

PDF

Open Access

TL;DR

This paper introduces a unified machine learning framework for cross-domain elephant flow detection, incorporating application-aware and security features to improve robustness and accuracy across diverse network environments.

Contribution

It presents a novel cross-domain elephant flow detection approach that combines adaptive thresholding, comprehensive feature engineering, and evaluation across multiple datasets.

Findings

01

Significant performance variation across domains (F1-scores 0.37 to 0.97)

02

Unified model achieves an F1 score of 0.99 in cross-validation

03

Size-based features are most influential, but application-aware features enhance accuracy

Abstract

Network traffic classification, particularly elephant flow detection, faces significant challenges when deployed across heterogeneous network environments. While existing approaches demonstrate high accuracy within single domains, they suffer from poor generalization due to domain shift phenomena. This paper presents a unified machine learning framework for cross domain elephant flow detection that incorporates application aware and security features to enhance robustness across diverse network environments. Our approach addresses the critical gap in existing literature by evaluating model performance across three distinct domains: Campus networks, UNSW-NB15, and CIC-IDS2018 datasets. This paper proposes a unified pipeline that employs adaptive thresholding, comprehensive feature engineering, and cross-domain evaluation to quantify and mitigate domain shift effects. Experimental results…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsInternet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Advanced Malware Detection Techniques