Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Collection - Conference Artifacts

FloCon 2008 Collection

  • These presentations were given at Flocon 2008, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
  • Network Situational Awareness
  • Publisher: CERT
  • At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.

  • A Flexible DDoS Detection System Using IPFIX January 2008 Author(s): Thomas Hirsch (Fraunhofer Fokus), Tanja Zseby (Fraunhofer Fokus) In this presentation, Tanja Zseby describes how IPFIX supports the integration of new methods.
  • AMP-Based Flow Collection January 2008 Author(s): Greg Virgin (Redjack) In this presentation, given at FloCon 2008, Greg Virgin describes AMP, an analytic flow metadata producer.
  • Anonymizing Network Flow Data January 2008 Author(s): Timothy J. Shimeall In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.
  • Assessing Disclosure Risk in Anonymized Datasets January 2008 Author(s): Alexi Kounine (EPFL), Michele Bezzi (ATL) In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.
  • Attack Reduction and Anomaly Modeling in Popularly Targeted Protocols January 2008 Author(s): Michael Collins In this presentation, Michael Collins discusses noise in traffic flows and its effect on anomaly detection, two-stage filtering, and methods to reduce attacks.
  • Automatic Anomaly Detection Using NfSen January 2008 Author(s): Wim Biemolt (SURFnet) In this presentation, Wim Biemolt discusses using NfSen, a graphical web based front end for the nfdump netflow tools, to perform automatic anomaly detection.
  • Design for Large-Scale Collection System Using Flow Mediators January 2008 Author(s): Atsushi Kobayashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation) In this presentation, the authors discuss the use of flow mediators in designing large-scale collection systems.
  • Dynamic Adaptation of Flow Information Granularity for Incident Analysis January 2008 Author(s): Marc P. Stoecklin (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory), Jean-Yves Le Boudec (Zurich Research Laboratory) In this presentation, the authors describe how they extended a collector system to provide more accurate incident analysis.
  • Flow Analysis in a Wireless Environment with Short DHCP Leases January 2008 Author(s): Sanket Parikh (Dalhousie University), John McHugh The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.
  • Flow Visualization Using MS-Excel January 2008 Author(s): Lee Rock (US-CERT), Jay Brown (US-CERT) In this presentation, US-CERT analysts describe the pros and cons of using MS-Excel to visualize netflow data.
  • Hierarchical Bloom Filters: Accelerating Flow Queries and Analysis January 2008 Author(s): Chris Roblee (Lawrence Livermore National Laboratory) In this presentation, Chris Roblee provides an introduction to Bloom Filters and discusses performance on actual flow data.
  • High Level Flow Correlation January 2008 Author(s): Valentino Crespi (California State Los Angeles), Annarita Giani (UC Berkeley), Rajiv Raghunarayan (Cisco) In this presentation, the authors discuss flow aggregation and embedding network traffic in a Euclidian space, and describe complex modeling through clustering.
  • Identifying Anomalous Traffic Using Delta Traffic January 2008 Author(s): Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation) In this presentation, the authors discuss DALTAA, a system that recognizes hosts with traffic increases as attack sources and groups them into subnetworks.
  • Improvement of Processes for Flow Information January 2008 Author(s): Hitoshi Irino (NTT Corporation), Masaru Katayama (NTT Corporation) In this presentation, the authors present ideas for optimizing the processes in IPFIX, a protocol for moving IP flow data from IPFIX exporters to collectors.
  • Incorporating Network Flows in Intrusion Incident Handling and Analysis January 2008 Author(s): John Gerth (Stanford University) In this presentation, John Gerth discusses the role network flows play in computer security intrusion investigations.
  • Integration of Context into Data Analysis and Visualization January 2008 Author(s): Ashley Thomas (SecureWorks), Uday Banerjee (SecureWorks) In this presentation, Ashley Thomas discusses approaches to data analysis and cross-platform analysis, and describes a sample alert.
  • Network Analysis of Point-of-Sale System Compromises January 2008 Author(s): Ryan E. Moore (United States Secret Service) In this presentation, Ryan E. Moore discusses data analysis in situations when point-of-sale systems are compromised.
  • On Terabit Flow Analysis January 2008 Author(s): Jonathan M. Smith (University of Pennsylvania) In this presentation, Jonathan Smith discusses flow analysis on terabit network applications.
  • On the Anonymization and Deanonymization of NetFlow Traffic January 2008 Author(s): Michalis Foukarakis (Institute of Computer Science), Demetres Antoniades (Institute of Computer Science), Evangelos P. Markatos (Institute of Computer Science) In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.
  • One Year of Peer to Peer January 2008 Author(s): Ron McLeod (Corporate Development Telecom Applications Research Alliance) In this presentation, Ron McLeod profiles the growth in peer-to-peer applications on a sample network and describes the increase in the diversity of traffic.
  • Privacy, Data Protection Law, and Flow Data Anonymization: Requirements, Issues, and Challenges January 2008 Author(s): Elisa Boschi (Hitachi), Ralph Gramigna (KPMG) In this presentation, the authors discuss the role of flow data anonymization to support data protection.
  • Revisiting the Threshold Random Walk Scan Detector January 2008 Author(s): Vagishwari Nagaonkar (Wipro Technologies), John McHugh In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.
  • SCRUB NetFlows January 2008 Author(s): William Yurcik (National Center for Supercomputing Applications (NCSA): University of Illinois at Urbana-Champaign), Clay Woolam (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas) In this presentation, the authors discuss SCRUB, a tool for multi-field, multi-level netflow anonymization.
  • Simplifying the Configuration of Flow Monitoring Probes January 2008 Author(s): Xenofontas Dimitropoulos (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory) In this presentation, the authors discuss ways to simplify configuring flow monitoring probes.
  • The Ripple Decoded January 2008 Author(s): In this presentation, the authors describe their work on large-scale scan detection
  • Using the Google Maps API for Flow Visualization January 2008 Author(s): Sid Faber In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.
  • Visual Representations of Flow Data January 2008 Author(s): Sunny Fugate (SPAWAR Systems Center, San Diego) In this presentation, Sunny Fugate discuses the value of visual language when analyzing flow data.
  • Visualizations of Flow and Analytical Results January 2008 Author(s): Phil Groce, Jeff Janies In this presentation, the authors discuss the role of visualization in performing network flow analysis.
  • YAF: A Case Study in Flow Meter Design January 2008 Author(s): Brian Trammell In this presentation, Brian Trammell describes YAF, which processes data from dumpfiles into bidirectional flow and exports the flows to IPFIX collecting processes.
  • FloCon 2008: Call for Presentations January 2008 Author(s): This call for presentations for FloCon 2008 describes the conference, presentation topics, and submission information.