search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Attribution and Aggregation of Network Flows for Security Analysis (White Paper)

White Paper
By
In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.
Publisher

Software Engineering Institute

Subjects

Abstract

This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. We show results from initial experiments and describe plans for extending the effort. The correlation of networks flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious.

SHARE
Download PDF
Part of a Collection

FloCon 2006 Collection

Ask a question about this White Paper

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.