Network Flow Analysis in Information Security Strategy

January 2015 Presentation
Timothy J. Shimeall

In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.

Abstract

Information security strategies may be classified by a functional series of impacts on attempts to violate assurance policies: deception, frustration, resistance, and recognition-and-recovery. A recent book-length treatment of these strategies identified network flow analysis with recognition-and-recovery, but network flow data supports the other strategies as well.

This presentation lays out a series of analytics keyed to the strategies they support: traffic baselining to support deception, attack surface estimation to support frustration, anomaly analysis to support resistance, and attack profiling to support recognition-and-recovery. The presentation concludes with a discussion of how these analytics combine in an integrated security approach.