Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Collection - Conference Artifacts

FloCon 2009 Collection

  • These presentations were given at Flocon 2009, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
  • Network Situational Awareness
  • Publisher: CERT
  • At FloCon 2009, presenters discussed topics dealing with flow for network forensics, network inventory, and incident response.

  • A Primer on Network Flow Visualization January 2009 Author(s): Gregory Travis (Indiana University, Bloomington) In this presentation, Gregory Travis provides the basics of network flow visualization and the techniques that have evolved over time.
  • Activity Plot January 2009 Author(s): Dana Paterson (FloVis) In this presentation, given at FloCon 2009, Diana Paterson describes Activity Plot, a new visualization for Netflow data.
  • An Analysis of Sampling Effects on Graph Structures Derived from Network Flow Data January 2009 Author(s): Mark Meiss (Advanced Network Management Laboratory) In this presentation, Mark Meiss describes a study of the effects of sampling on flows and asks how graph structures built from flow data are affected.
  • Analyzing the Effectiveness of Phishing at Network Level January 2009 Author(s): Sagar Mehta (Georgia Institute of Technology), Nitya Sundareswaran (Georgia Institute of Technology), Kevin D. Fairbanks (Georgia Institute of Technology), Nick Feamster (Georgia Institute of Technology) In this presentation, the authors discuss the challenges of analyzing phishing at the network level.
  • CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes January 2009 Author(s): Martin Rehak (CESNET), Pavel Celeda (Liberouter), Michal Pechoucek (Czech Technical University), Jiri Novotny (Masaryk University) In this presentation, the authors discuss network intrusion detection systems, anomaly detection models, and trust-based anomaly integration.
  • Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags January 2009 Author(s): John McHugh, Ulfar Erlingsson (FloVis) In this presentation, the authors discuss network traffic analysis, tree and hash-based representations, and column-oriented databases.
  • Detecting Anomalies in Interhosts Communication Graph January 2009 Author(s): Keisuke Ishibashi (NTT Corporation), Keisuke Ishibashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Shigeaki Harada (NTT Service Integration Laboratories), Tatsuya Mori (NTT Service Integration Laboratories), Ryoichi Kawahara (NTT Service Integration Laboratories), Shoichiro Asano (National Information Institute) In this presentation, the authors discuss anomalous traffic detection, communication graphs, and a method for detecting graphic anomalies.
  • Detecting Spam and Spam Responses January 2009 Author(s): Timothy J. Shimeall In this presentation, Tim Shimeall discusses email, spam, and using flow-based analysis to investigate email-based behaviors.
  • Education in Flow Analysis January 2009 Author(s): Timothy J. Shimeall In this presentation, Tim Shimeall discusses ways to address education in flow analysis at the undergraduate, graduate, and professional levels.
  • FloVis Summary January 2009 Author(s): Stephen Brooks (CA Labs), Carrie Gates, John McHugh In this presentation, the authors describe their current and planned work on FloVis, an extendable framework for network security visualizations.
  • Flow Based Control Plane Situational Awareness January 2009 Author(s): Carter Bullard (QuSient LLC) In this presentation, Carter Bullard discusses the importance of control plane situational awareness and related research now being conducted.
  • FlowBundle January 2009 Author(s): Teryl Taylor (FloVis) In this presentation, Teryl Taylor discusses how FlowBundle visualizes interactions between network entities and uses its features to minimize occlusion.
  • Hardware-Accelerated Flexible Flow Measurement January 2009 Author(s): Pavel Celeda (Liberouter), Martin Zadnik (Liberouter), Lukas Solanka (Liberouter) In this presentation, the authors describe their work developing hardware and software solutions to accelerate IP flow measurement and network monitoring.
  • Integrating Human and Synthetic Reasoning Via Model-Based Analysis January 2009 Author(s): Michael Collins In this presentation, Michael Collins describes a model that combines AI and user interface through fault trees to capture knowledge and improve efficiency.
  • IP Dossier January 2009 Author(s): Paul Krystosek In this presentation, Paul Krystosek discusses using netflow data to learn about the activity of a host given an IP address and a time range.
  • Is There Any Value In Bulk Network Traces? January 2009 Author(s): Sid Faber In this presentation, Sid Faber describes the value of bulk network traces if data sources are tuned to the needed research.
  • Labeled Full Packet/Flow Level Data Capture: Towards a Framework for Instrumenting Cyber Warfare Exercises January 2009 Author(s): Tom Cook (ITOC) In this presentation, Tom Cook describes a proposed framework for capturing datasets from cyber defense exercises and producing valuable security information.
  • Managing and Monitoring a Root DNS Service January 2009 Author(s): John L. Crain (ICANN) In this presentation, John Crain explains the importance of domain names, root servers, and live-view monitoring.
  • NetBytes Viewer: A Entity-Based Visualization Tool January 2009 Author(s): Joel Glanfield (CA Labs) In this presentation, Joel Glanfield explains how FloVis visualizes netflow traffic using an entity-based approach.
  • Security Visualization with FloVis January 2009 Author(s): Teryl Taylor (FloVis), Joel Glanfield (CA Labs), Carrie Gates, John McHugh In this presentation, the authors discuss using FloVis to perform network data analysis.
  • Shared Darknet Development January 2009 Author(s): David A. Ripley (Indiana University Advanced Network Management Laboratory) In this presentation, David Ripley describes a darknet reporting, querying, and analysis system, how it works, and the challenges it faces.
  • Traffic Analysis of UDP-Based Flows in ourmon January 2009 Author(s): James R. Binkley (Portland State University) In this presentation, James Binkley discusses the use of ourmon, an opensource product, for use in traffic analysis of UDP-based data flows.
  • Traffic Clusters in Networks of Convenience January 2009 Author(s): Ron McLeod (Corporate Development Telecom Applications Research Alliance) In this presentation, the authors describe the Mission Diagnostic, applying it, and lessons learn in applying it.
  • VIAssist: Visual Analytics for NetFlow Data January 2009 Author(s): John Goodall (Secure Decisions) In this presentation, the authors provide an overview of the vulnerability discovery field and discuss its use in improving security engineering.
  • FloCon 2009: Call for Presentations January 2009 Author(s): This call for presentations for FloCon 2009 describes the conference, presentation topics, and submission information.