FloCon 2011 Collection
• Collection
Publisher
Software Engineering Institute
Subjects
Abstract
These presentations and resource documents were provided at FloCon 2011, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
At FloCon 2011, participants focused on learning about their networks and confirming what we know about them. Participants explored a wide range of topics and discussed dark space, how many web servers you're actually operating, spam, and DNS servers and their susceptibility to cache poisoning.
Collection Items

Analysis Pipeline
• Presentation
By Daniel Ruef
In this presentation, Dan Ruef discusses moving analysis from retroactive to real time, pipeline capabilities, and streaming analysis coding issues.
Learn More
CERT Virtual Flow Collection and Analysis
• Presentation
By George Warnagiris
In this presentation, George Warnagiris describes the work on the Network Situational Awareness group of the CERT Division.
Learn More
Coordinated Non-Intrusive Capturing of Flow Paths
• Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby discusses flow paths and coordinated traffic observation.
Learn More
Darkspace Construction and Maintenance
• Presentation
By Jeff Janies, M. P. Collins (Redjack)
In this presentation, the authors discuss darkspaces, external routable address blocks to which no legitimate network traffic should be destined.
Learn More
Detecting Botnets with NetFlow
• Presentation
By Vojtech Krmícek (Masaryk University), Tomáš Plesník (Masaryk University)
In this presentation, the authors discuss NetFlow monitoring at Masaryk University and botnet detection methods.
Learn More
Detecting Long Flows
• Presentation
By John McHugh
In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.
Learn More
DLP Detection with Netflow
• Presentation
By Christopher Poetzel (Argonne National Laboratory)
In this presentation, Christopher Poetzel discusses data loss prevention and the use of Netflow-based solutions to look for anomalous data.
Learn More
Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet
• Presentation
By Rhiannon Weaver, Chris Nunnery (University of North Carolina), Gautam Singaraju (University of North Carolina)
In this presentation, the authors discuss a new method for measuring the discrepancy between counting IP addresses and counting individual machines in a botnet.
Learn More
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management
• Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall explores the interaction of data analysis and security event management and new approaches to be explored.
Learn More
Flows as a Topology Chart
• Presentation
By Hiroshi Asakura (NTT Corporation), Kensuke Nakata (NTT Corporation), Shingo Kashima (NTT Corporation), Hiroshi Kurakami (NTT Corporation)
In this presentation, NTT Corporation staff cover the challenges of visualizing both the inside and outside of your network using topology flow charts.
Learn MoreThis content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.