FloCon 2005 Collection
• Collection
Publisher
Software Engineering Institute
Collection Items
A Proposed Translation Data Model for Flow Format Interoperability
• White Paper
By Brian Trammell
In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.
Behavior Based Approach to Network Traffic Analysis
• Presentation
By Rob Nelson (Pacific Northwest National Laboratory)
In this presentation, the authors discuss the challenges, methods, and future efforts associated with network traffic analysis.
CANINE: A NetFlows Conversion/Anonymization Tool for Format Interoperability and Secure Sharing (Presentation)
• Presentation
By Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)
In this presentation, the authors describe CANINE, a converter and anonymizer for investigating netflow events.
CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)
• White Paper
By Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)
In this paper, the authors introduce a tool to address two problems with using NetFlow logs for security analysis.
Correlations Between Quiescent Ports in Network Flows (White Paper)
• White Paper
By Josh McNutt, Markus Deshon
In this paper, the authors introduce a method for detecting the onset of anomalous port-specific activity by recognizing deviation from correlated activity.
Correlations Between Quiescent Ports in Network Flows (Presentation)
• Presentation
By Josh McNutt, Markus Deshon
In this presentation, the authors discuss using FloVis to perform network data analysis.
Covert Channel Detection Using Process Query Systems (White Paper)
• White Paper
By Vincent Berk (Dartmouth College)
In this FloCon 2005 presentation, the author uses traffic analysis to investigate a stealthy form of data exfiltration.
Covert Channel Detection Using Process Query Systems (Presentation)
• Presentation
By Annarita Giani (UC Berkeley), Vincent Berk (Dartmouth College), George Cybenko (Dartmouth College)
In this presentation, the authors discuss detecting covert channels, a subtle way of moving data, using a process query system.
Data Mining NetFlow So What’s Next?
• Presentation
By Mark Kane (DDK Tech Group)
In this presentation, Mark Kane provides an overview of data mining, and discusses related frequency patterns, discoveries, and results.
Detecting Distributed Attacks Using Network-Wide Flow Data
• Presentation
By Anukool Lakhina (Boston University), Mark Crovella (Boston University), Christophe Diot (Intel)
In this presentation, the authors discuss methods and applications, such as scans, worms, and flash events, for detecting distributed attacks.
Detecting Distributed Attacks using Network-Wide Flow Traffic
• White Paper
By Anukool Lakhina (Boston University), Mark Crovella (Boston University), Christophe Diot (Intel)
In this paper, the authors present their methods for detecting distributed attacks in backbone networks using sampled flow traffic data.
Distributed QoS Monitoring
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, the author discusses obtaining high-performance network assurance through distributed quality of service monitoring.
Flow Analysis and Interoperability: Data Models
• Presentation
By Brian Trammell
In this presentation, given at FloCon 2005, Brian Trammell discusses cooperative flow data analysis.
Flow-Data Compressibility Changes During Internet Worm Outbreaks
• White Paper
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this paper, Arno Wagner presents measurements and analysis done on a Swiss internet backbone during the Blaster and Witty internet worm outbreak.
Identifying P2P Heavy-Hitters from Network-Flow Data
• White Paper
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Thomas Dubendorfer (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Lukas Hammerle (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Bernhard Plattner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this September 2005 paper, the authors present measurements done on a medium-sized internet backbone and discuss accuracy issues.
IP Flow Information eXport (IPFIX)
• Presentation
By Elisa Boschi (Hitachi)
In this presentation, Elisa Boschi describes IPFIX, a protocol for transferring IP flow data from IPFIX exporters to collectors.
IP Flow Information Export (IPFIX): Applicability and Future Suggestions for Network Security
• White Paper
By Elisa Boschi (Hitachi), Tanja Zseby (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus), Thomas Hirsch (Fraunhofer Fokus)
In this paper, the authors present the IPFIX protocol and discuss its applicability with a special focus on network security.
NERD: Network Emergency Responder & Detector
• Presentation
By Wim Biemolt (SURFnet)
In this presentation, Wim Biemolt provides an overview of NERD, Network Emergency Responder & Detector.
NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (White Paper)
• White Paper
By Software Engineering Institute
In this paper, the authors describe NVisionIP, a NetFlow visualization tool.
NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (Presentation)
• Presentation
By Ratna Bearavolu (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Kiran Lakkaraju (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, the authors discuss NVisionIP, a tool designed to increase the security analyst's situational awareness.
R: A Proposed Analysis and Visualization Environment for Network Security Data (Presentation)
• Presentation
By Josh McNutt
In this presentation, Josh McNutt discusses SiLK tools, introduces R and the R-Silk library, demonstrates a prototype, and discusses analyst benefits.
R: A Proposed Analysis and Visualization Environment for Network Security Data (White Paper)
• White Paper
By Josh McNutt
In this paper, Josh McNutt discusses the R statistical language as an analysis and visualization interface to SiLK flow analysis tools.
Time, Pollution and Maps
• Presentation
By Michael Collins
In these proceedings, the presentations given at FloCon 2012 are collected.
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (White Paper)
• White Paper
By Software Engineering Institute
In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (Presentation)
• Presentation
By Xiaoxin Yin (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich
• Presentation
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this presentation, Arno Wagner describes the DDoSVax project, and discusses data collection, processing infrastructure, and related software and tools.
FloCon 2005: Call for Papers
• Brochure
By Software Engineering Institute
This call for papers is for the FloCon 2005 Analysis Workshop, where participants discussed flow and network security analysis.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.