
Network Flow Analysis in Information Security Strategy

In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.

Software Engineering Institute



Information security strategies may be classified by a functional series of impacts on attempts to violate assurance policies: deception, frustration, resistance, and recognition-and-recovery. A recent book-length treatment of these strategies identified network flow analysis with recognition-and-recovery, but the use of network flow data supports the other strategies as well.

This presentation lays out a series of analytics keyed to the strategies they support: traffic baselining to support deception, attack surface estimation to support frustration, anomaly analysis to support resistance, and attack profiling to support recognition-and-recovery. The presentation concludes with discussions of combinations of these analytics in an integrated security approach.

Part of a Collection

FloCon 2015 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.