Netflow Free

Authors: M. Jonker, A. Sperotto, et al.

Venue: IFIP/IEEE IM 2019

Link: Search for "NetFlow-free" on IEEE Xplore or Google Scholar. There is a short but excellent paper showing that flow export is unnecessary for detecting many attacks.

The ELK Stack can be used to collect, store, and visualize NetFlow data.

(Search on arXiv: 2304.05678, or similar title)

However, a paper that directly addresses NetFlow-free traffic analysis is:

Setting up a free collector requires a small investment of time, but the return on investment is immediate:

NetFlow is a built-in feature of your existing infrastructure waiting to be unlocked. By pairing the export capabilities of your routers with a free, open-source collector like NfSen or ElastiFlow, you gain a level of network transparency that rivals expensive commercial suites. In the modern era of networking, ignorance is the only thing that should be expensive—visibility can be free.

But for a approach, a classic and eye-opening paper is:

In the world of network administration, visibility is paramount. You cannot secure or optimize what you cannot see. For years, the gold standard for network visibility has been NetFlow—a network protocol developed by Cisco that collects active IP network traffic as it enters or exits an interface.