
FloCon 2009 Collection

These presentations were given at FloCon 2009, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

At FloCon 2009, presenters discussed topics dealing with flow for network forensics, network inventory, and incident response.

A Primer on Network Flow Visualization

January 2009

In this presentation, Gregory Travis provides the basics of network flow visualization and the techniques that have evolved over time.

Activity Plot

January 2009

In this presentation, given at FloCon 2009, Diana Paterson describes Activity Plot, a new visualization for NetFlow data.

An Analysis of Sampling Effects on Graph Structures Derived from Network Flow Data

January 2009

In this presentation, Mark Meiss describes a study of the effects of sampling on flows and asks how graph structures built from flow data are affected.

Analyzing the Effectiveness of Phishing at Network Level

January 2009

In this presentation, the authors discuss the challenges of analyzing phishing at the network level.

CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes

January 2009

In this presentation, the authors discuss network intrusion detection systems, anomaly detection models, and trust-based anomaly integration.

Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags

January 2009

In this presentation, the authors discuss network traffic analysis, tree and hash-based representations, and column-oriented databases.

Detecting Anomalies in Interhosts Communication Graph

January 2009

In this presentation, the authors discuss anomalous traffic detection, communication graphs, and a method for detecting graphic anomalies.

Detecting Spam and Spam Responses

January 2009

In this presentation, Tim Shimeall discusses email, spam, and using flow-based analysis to investigate email-based behaviors.

Education in Flow Analysis

January 2009

In this presentation, Tim Shimeall discusses ways to address education in flow analysis at the undergraduate, graduate, and professional levels.

FloVis Summary

January 2009

In this presentation, the authors describe their current and planned work on FloVis, an extendable framework for network security visualizations.

Flow Based Control Plane Situational Awareness

January 2009

In this presentation, Carter Bullard discusses the importance of control plane situational awareness and related research now being conducted.

FlowBundle

January 2009

In this presentation, Teryl Taylor discusses how FlowBundle visualizes interactions between network entities and uses its features to minimize occlusion.

Hardware-Accelerated Flexible Flow Measurement

January 2009

In this presentation, the authors describe their work developing hardware and software solutions to accelerate IP flow measurement and network monitoring.

Integrating Human and Synthetic Reasoning Via Model-Based Analysis

January 2009

In this presentation, Michael Collins describes a model that combines AI and user interface through fault trees to capture knowledge and improve efficiency.

IP Dossier

January 2009

In this presentation, Paul Krystosek discusses using NetFlow data to learn about the activity of a host given an IP address and a time range.

Is There Any Value In Bulk Network Traces?

January 2009

In this presentation, Sid Faber describes the value of bulk network traces if data sources are tuned to the needed research.

Labeled Full Packet/Flow Level Data Capture: Towards a Framework for Instrumenting Cyber Warfare Exercises

January 2009

In this presentation, Tom Cook describes a proposed framework for capturing datasets from cyber defense exercises and producing valuable security information.

Managing and Monitoring a Root DNS Service

January 2009

In this presentation, John Crain explains the importance of domain names, root servers, and live-view monitoring.

NetBytes Viewer: A Entity-Based Visualization Tool

January 2009

In this presentation, Joel Glanfield explains how FloVis visualizes NetFlow traffic using an entity-based approach.

Security Visualization with FloVis

January 2009

In this presentation, the authors discuss using FloVis to perform network data analysis.

Shared Darknet Development

January 2009

In this presentation, David Ripley describes a darknet reporting, querying, and analysis system, how it works, and the challenges it faces.

Traffic Analysis of UDP-Based Flows in ourmon

January 2009

In this presentation, James Binkley discusses using ourmon, an open-source product, for traffic analysis of UDP-based data flows.

Traffic Clusters in Networks of Convenience

January 2009

In this presentation, the authors describe the Mission Diagnostic, applying it, and lessons learned in applying it.

VIAssist: Visual Analytics for NetFlow Data

January 2009

In this presentation, the authors provide an overview of the vulnerability discovery field and discuss its use in improving security engineering.

FloCon 2009: Call for Presentations

January 2009

This call for presentations for FloCon 2009 describes the conference, presentation topics, and submission information.