FloCon 2009 Collection
These presentations were given at FloCon 2009, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
At FloCon 2009, presenters discussed topics dealing with flow for network forensics, network inventory, and incident response.
Collection Contents
-
A Primer on Network Flow Visualization
January 12, 2009 • Presentation
By Gregory Travis (Indiana University, Bloomington)
In this presentation, Gregory Travis provides the basics of network flow visualization and the techniques that have evolved over time.
-
Activity Plot
January 12, 2009 • Presentation
By Dana Paterson (FloVis)
In this presentation, given at FloCon 2009, Diana Paterson describes Activity Plot, a new visualization for NetFlow data.
-
An Analysis of Sampling Effects on Graph Structures Derived from Network Flow Data
January 12, 2009 • Presentation
By Mark Meiss (Advanced Network Management Laboratory)
In this presentation, Mark Meiss describes a study of the effects of sampling on flows and asks how graph structures built from flow data are affected.
-
Analyzing the Effectiveness of Phishing at Network Level
January 12, 2009 • Presentation
By Sagar Mehta (Georgia Institute of Technology), Nitya Sundareswaran (Georgia Institute of Technology), Kevin D. Fairbanks (Georgia Institute of Technology), Nick Feamster (Georgia Institute of Technology)
In this presentation, the authors discuss the challenges of analyzing phishing at the network level.
-
CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes
January 12, 2009 • Presentation
By Martin Rehak (CESNET), Pavel Celeda (Liberouter), Michal Pechoucek (Czech Technical University), Jiri Novotny (Masaryk University)
In this presentation, the authors discuss network intrusion detection systems, anomaly detection models, and trust-based anomaly integration.
-
Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags
January 12, 2009 • Presentation
By John McHugh, Ulfar Erlingsson (FloVis)
In this presentation, the authors discuss network traffic analysis, tree and hash-based representations, and column-oriented databases.
-
Detecting Anomalies in Interhosts Communication Graph
January 12, 2009 • Presentation
By Keisuke Ishibashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Shigeaki Harada (NTT Service Integration Laboratories), Tatsuya Mori (NTT Service Integration Laboratories), Ryoichi Kawahara (NTT Service Integration Laboratories), Shoichiro Asano (National Information Institute)
In this presentation, the authors discuss anomalous traffic detection, communication graphs, and a method for detecting graphic anomalies.
-
Detecting Spam and Spam Responses
January 12, 2009 • Presentation
By Timothy J. Shimeall
In this presentation, Tim Shimeall discusses email, spam, and using flow-based analysis to investigate email-based behaviors.
-
Education in Flow Analysis
January 12, 2009 • Presentation
By Timothy J. Shimeall
In this presentation, Tim Shimeall discusses ways to address education in flow analysis at the undergraduate, graduate, and professional levels.
-
FloVis Summary
January 12, 2009 • Presentation
By Stephen Brooks (CA Labs), Carrie Gates, John McHugh
In this presentation, the authors describe their current and planned work on FloVis, an extendable framework for network security visualizations.
-
Flow Based Control Plane Situational Awareness
January 12, 2009 • Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the importance of control plane situational awareness and related research now being conducted.
-
FlowBundle
January 12, 2009 • Presentation
By Teryl Taylor (FloVis)
In this presentation, Teryl Taylor discusses how FlowBundle visualizes interactions between network entities and uses its features to minimize occlusion.
-
Hardware-Accelerated Flexible Flow Measurement
January 12, 2009 • Presentation
By Pavel Celeda (Liberouter), Martin Zadnik (Liberouter), Lukas Solanka (Liberouter)
In this presentation, the authors describe their work developing hardware and software solutions to accelerate IP flow measurement and network monitoring.
-
Integrating Human and Synthetic Reasoning Via Model-Based Analysis
January 12, 2009 • Presentation
By Michael Collins
In this presentation, Michael Collins describes a model that combines AI and user interface through fault trees to capture knowledge and improve efficiency.
-
IP Dossier
January 12, 2009 • Presentation
By Paul Krystosek
In this presentation, Paul Krystosek discusses using NetFlow data to learn about the activity of a host given an IP address and a time range.
-
Is There Any Value In Bulk Network Traces?
January 12, 2009 • Presentation
By Sid Faber
In this presentation, Sid Faber describes the value of bulk network traces if data sources are tuned to the needed research.
-
Labeled Full Packet/Flow Level Data Capture: Towards a Framework for Instrumenting Cyber Warfare Exercises
January 12, 2009 • Presentation
By Tom Cook (ITOC)
In this presentation, Tom Cook describes a proposed framework for capturing datasets from cyber defense exercises and producing valuable security information.
-
Managing and Monitoring a Root DNS Service
January 12, 2009 • Presentation
By John L. Crain (ICANN)
In this presentation, John Crain explains the importance of domain names, root servers, and live-view monitoring.
-
NetBytes Viewer: A Entity-Based Visualization Tool
January 12, 2009 • Presentation
By Joel Glanfield (CA Labs)
In this presentation, Joel Glanfield explains how FloVis visualizes NetFlow traffic using an entity-based approach.
-
Security Visualization with FloVis
January 12, 2009 • Presentation
By Teryl Taylor (FloVis), Joel Glanfield (CA Labs), Carrie Gates, John McHugh
In this presentation, the authors discuss using FloVis to perform network data analysis.
-
Shared Darknet Development
January 12, 2009 • Presentation
By David A. Ripley (Indiana University Advanced Network Management Laboratory)
In this presentation, David Ripley describes a darknet reporting, querying, and analysis system, how it works, and the challenges it faces.
-
Traffic Analysis of UDP-Based Flows in ourmon
January 12, 2009 • Presentation
By James R. Binkley (Portland State University)
In this presentation, James Binkley discusses using ourmon, an open-source product, for traffic analysis of UDP-based data flows.
-
Traffic Clusters in Networks of Convenience
January 12, 2009 • Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this presentation, the authors describe the Mission Diagnostic, applying it, and lessons learned in applying it.
-
VIAssist: Visual Analytics for NetFlow Data
January 12, 2009 • Presentation
By John Goodall (Secure Decisions)
In this presentation, the authors provide an overview of the vulnerability discovery field and discuss its use in improving security engineering.
-
FloCon 2009: Call for Presentations
January 12, 2009 • Brochure
This call for presentations for FloCon 2009 describes the conference, presentation topics, and submission information.