FloCon 2008 Collection
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.
Collection Items
A Flexible DDoS Detection System Using IPFIX
• Presentation
By Thomas Hirsch (Fraunhofer Fokus), Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes how IPFIX supports the integration of new methods.
Learn More
AMP-Based Flow Collection
• Presentation
By Greg Virgin (Redjack)
In this presentation, given at FloCon 2008, Greg Virgin describes AMP, an analytic flow metadata producer.
Learn More
Anonymizing Network Flow Data
• Presentation
By Timothy J. Shimeall
In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.
Learn More
Assessing Disclosure Risk in Anonymized Datasets
• White Paper
By Alexi Kounine (EPFL), Michele Bezzi (ATL)
In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.
Read
Attack Reduction and Anomaly Modeling in Popularly Targeted Protocols
• Presentation
By Michael Collins
In this presentation, Michael Collins discusses noise in traffic flows and its effect on anomaly detection, two-stage filtering, and methods to reduce attacks.
Learn More
Automatic Anomaly Detection Using NfSen
• Presentation
By Wim Biemolt (SURFnet)
In this presentation, Wim Biemolt discusses using NfSen, a graphical web based front end for the nfdump netflow tools, to perform automatic anomaly detection.
Learn More
Design for Large-Scale Collection System Using Flow Mediators
• Presentation
By Atsushi Kobayashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss the use of flow mediators in designing large-scale collection systems.
Learn More
Dynamic Adaptation of Flow Information Granularity for Incident Analysis
• Presentation
By Marc P. Stoecklin (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory), Jean-Yves Le Boudec (Zurich Research Laboratory)
In this presentation, the authors describe how they extended a collector system to provide more accurate incident analysis.
Learn More
Flow Analysis in a Wireless Environment with Short DHCP Leases
• Presentation
By Sanket Parikh (Dalhousie University), John McHugh
The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.
Learn More
Flow Visualization Using MS-Excel
• Presentation
By Lee Rock (US-CERT), Jay Brown (US-CERT)
In this presentation, US-CERT analysts describe the pros and cons of using MS-Excel to visualize netflow data.
Learn More
Hierarchical Bloom Filters: Accelerating Flow Queries and Analysis
• Presentation
By Chris Roblee (Lawrence Livermore National Laboratory)
In this presentation, Chris Roblee provides an introduction to Bloom Filters and discusses performance on actual flow data.
Learn More
High Level Flow Correlation
• Presentation
By Valentino Crespi (California State Los Angeles), Annarita Giani (UC Berkeley), Rajiv Raghunarayan (Cisco)
In this presentation, the authors discuss flow aggregation and embedding network traffic in a Euclidian space, and describe complex modeling through clustering.
Learn More
Identifying Anomalous Traffic Using Delta Traffic
• Presentation
By Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss DALTAA, a system that recognizes hosts with traffic increases as attack sources and groups them into subnetworks.
Learn More
Improvement of Processes for Flow Information
• Presentation
By Hitoshi Irino (NTT Corporation), Masaru Katayama (NTT Corporation)
In this presentation, the authors present ideas for optimizing the processes in IPFIX, a protocol for moving IP flow data from IPFIX exporters to collectors.
Learn More
Incorporating Network Flows in Intrusion Incident Handling and Analysis
• Presentation
By John Gerth (Stanford University)
In this presentation, John Gerth discusses the role network flows play in computer security intrusion investigations.
Learn More
Integration of Context into Data Analysis and Visualization
• Presentation
By Ashley Thomas (SecureWorks), Uday Banerjee (SecureWorks)
In this presentation, Ashley Thomas discusses approaches to data analysis and cross-platform analysis, and describes a sample alert.
Learn More
Network Analysis of Point-of-Sale System Compromises
• Presentation
By Ryan E. Moore (United States Secret Service)
In this presentation, Ryan E. Moore discusses data analysis in situations when point-of-sale systems are compromised.
Learn More
On Terabit Flow Analysis
• Presentation
By Jonathan M. Smith (University of Pennsylvania)
In this presentation, Jonathan Smith discusses flow analysis on terabit network applications.
Learn More
On the Anonymization and Deanonymization of NetFlow Traffic
• White Paper
By Michalis Foukarakis (Institute of Computer Science), Demetres Antoniades (Institute of Computer Science), Evangelos P. Markatos (Institute of Computer Science)
In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.
Read
One Year of Peer to Peer
• Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this presentation, Ron McLeod profiles the growth in peer-to-peer applications on a sample network and describes the increase in the diversity of traffic.
Learn More
Privacy, Data Protection Law, and Flow Data Anonymization: Requirements, Issues, and Challenges
• Presentation
By Elisa Boschi (Hitachi), Ralph Gramigna (KPMG)
In this presentation, the authors discuss the role of flow data anonymization to support data protection.
Learn More
Revisiting the Threshold Random Walk Scan Detector
• Presentation
By Vagishwari Nagaonkar (Wipro Technologies), John McHugh
In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.
Learn More
SCRUB NetFlows
• Presentation
By William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Clay Woolam (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas)
In this presentation, the authors discuss SCRUB, a tool for multi-field, multi-level netflow anonymization.
Learn More
Simplifying the Configuration of Flow Monitoring Probes
• Presentation
By Xenofontas Dimitropoulos (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory)
In this presentation, the authors discuss ways to simplify configuring flow monitoring probes.
Learn More
The Ripple Decoded
• Presentation
By Software Engineering Institute
In this presentation, the authors describe their work on large-scale scan detection.
Learn More
Using the Google Maps API for Flow Visualization
• Presentation
By Sid Faber
In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.
Learn More
Visual Representations of Flow Data
• Presentation
By Sunny Fugate (SPAWAR Systems Center, San Diego)
In this presentation, Sunny Fugate discuses the value of visual language when analyzing flow data.
Learn More
Visualizations of Flow and Analytical Results
• Presentation
By Phil Groce, Jeff Janies
In this presentation, the authors discuss the role of visualization in performing network flow analysis.
Learn More
YAF: A Case Study in Flow Meter Design
• Presentation
By Brian Trammell
In this presentation, Brian Trammell describes YAF, which processes data from dumpfiles into bidirectional flow and exports the flows to IPFIX collecting processes.
Learn More
FloCon 2008: Call for Presentations
• Brochure
By Software Engineering Institute
This call for presentations for FloCon 2008 describes the conference, presentation topics, and submission information.
Learn MoreThis content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.