search menu icon-carat-right cmu-wordmark

Attribution and Aggregation of Network Flows for Security Analysis (White Paper)

White Paper
In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.

Software Engineering Institute


This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. We show results from initial experiments and describe plans for extending the effort. The correlation of networks flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious.

Part of a Collection

FloCon 2006 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.