Software Engineering Institute | Carnegie Mellon University

Digital Library


John McHugh (RedJack)
January 2015 - Presentation Flow Storage Revisited: Is It Time to Re-Architect Flow Storage and Processing Systems?

Topics: Network Situational Awareness

Authors: John McHugh

In this talk, John presents the results of experiments using a modest data set comprising on the order of a billion flow records.

January 2014 - Presentation Streaming Analysis: An Alternate Analysis Paradigm

Topics: Network Situational Awareness

Authors: John McHugh

In this presentation, John McHugh discusses how streaming analytics relieves the volume of stored data and decreases threat reaction time.

January 2013 - Presentation Considerations for Scan Detection Using Flow Data

Topics: Network Situational Awareness

Authors: John McHugh

In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.

January 2012 - Presentation Flow Indexing: Making Queries Go Faster

Topics: Network Situational Awareness

Authors: John McHugh

In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.

January 2011 - Presentation Detecting Long Flows

Topics: Network Situational Awareness

Authors: John McHugh

In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.

January 2010 - Presentation First Experiences with Cuckoo Bags

Topics: Network Situational Awareness

Authors: John McHugh, Jeff Janies, Teryl Taylor (FloVis)

In this presentation, RedJack staff describe cuckoo bags, a data structure and tools for maintaining sets indexed by IPv4 and IPv6 addresses in the same structure.

January 2010 - Presentation Towards Reliable Traffic Classification Using Visual Motifs

Topics: Network Situational Awareness

Authors: Wilson Lian (University of North Carolina, Chapel Hill), John McHugh, Fabian Monrose (University of North Carolina, Chapel Hill)

In this presentation, the authors provide an overview of traffic classification, and discuss and evaluate visual motifs.

January 2009 - Presentation FloVis Summary

Topics: Network Situational Awareness

Authors: Stephen Brooks (CA Labs), Carrie Gates, John McHugh

In this presentation, the authors describe their current and planned work on FloVis, an extendable framework for network security visualizations.

January 2009 - Presentation Security Visualization with FloVis

Topics: Network Situational Awareness

Authors: Teryl Taylor (FloVis), Joel Glanfield (CA Labs), Carrie Gates, John McHugh

In this presentation, the authors discuss using FloVis to perform network data analysis.

January 2009 - Presentation Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags

Topics: Network Situational Awareness

Authors: John McHugh, Ulfar Erlingsson (FloVis)

In this presentation, the authors discuss network traffic analysis, tree and hash-based representations, and column-oriented databases.

January 2008 - Presentation Revisiting the Threshold Random Walk Scan Detector

Topics: Network Situational Awareness

Authors: Vagishwari Nagaonkar (Wipro Technologies), John McHugh

In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.

January 2008 - Presentation Flow Analysis in a Wireless Environment with Short DHCP Leases

Topics: Network Situational Awareness

Authors: Sanket Parikh (Dalhousie University), John McHugh

The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.

October 2006 - Presentation The Past and Future of Flow Analysis

Topics: Network Situational Awareness

Authors: John McHugh

This keynote presentation was delivered by John McHugh at FloCon 2006.

July 2004 - Presentation Locality Based Analysis of Network Flows

Topics: Network Situational Awareness

Authors: John McHugh, Carrie Gates, Damon Becknel

In this presentation, the authors discuss analyzing network data flows using locality, which involves using past observations to predict future behavior.

March 2004 - White Paper Sets, Bags, and Rock and Roll? Analyzing Large Data Sets of Network Data

Topics: Network Situational Awareness

Authors: John McHugh

In this paper, John McHugh describes problems with monitoring and analyzing traffic on high-speed networks.

September 2003 - Technical Report SEI Independent Research and Development Projects (FY 2003)

Authors: Felix Bachmann, Sven Dietrich, Peter H. Feiler, Suzanne Garcia-Miller, Mark H. Klein, Edwin J. Morris, Patrick R. Place, Daniel Plakosh, Robert C. Seacord, Anthony J. Lattanze, B. Craig Meyers, John McHugh, Len Bass, David J. Carney

This report describes the IR&D projects that were conducted during fiscal year 2003 (October 2002 through September 2003).

August 2003 - White Paper Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat

Topics: Network Situational Awareness

Authors: John McHugh, Carrie Gates

In this paper, the authors describe how locality appears in many dimensions and applies to diverse mechanisms.

October 2002 - Technical Report Life-Cycle Models for Survivable Systems

Topics: Cybersecurity Engineering, Software Assurance

Authors: Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson, John McHugh, Nancy R. Mead, Carol A. Sledge

In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.

September 2000 - Technical Report Survivable Network Analysis Method

Authors: Nancy R. Mead, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff, John McHugh

This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.

January 2000 - Technical Report State of the Practice of Intrusion Detection Technologies

Authors: Julia H. Allen, Alan M. Christie, William L. Fithen, John McHugh, Jed Pickel, Ed Stoner

This report provides an unbiased assessment of publicly available ID technology. The report also outlines relevant issues for the research community as they formulate research directions and allocate funds.