search menu icon-carat-right cmu-wordmark

FloCon 2008 Collection

These presentations were given at Flocon 2008, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.

A Flexible DDoS Detection System Using IPFIX

January 2008

In this presentation, Tanja Zseby describes how IPFIX supports the integration of new methods.

AMP-Based Flow Collection

January 2008

In this presentation, given at FloCon 2008, Greg Virgin describes AMP, an analytic flow metadata producer.

Anonymizing Network Flow Data

January 2008

In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.

Assessing Disclosure Risk in Anonymized Datasets

January 2008

In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.

Attack Reduction and Anomaly Modeling in Popularly Targeted Protocols

January 2008

In this presentation, Michael Collins discusses noise in traffic flows and its effect on anomaly detection, two-stage filtering, and methods to reduce attacks.

Automatic Anomaly Detection Using NfSen

January 2008

In this presentation, Wim Biemolt discusses using NfSen, a graphical web based front end for the nfdump netflow tools, to perform automatic anomaly detection.

Design for Large-Scale Collection System Using Flow Mediators

January 2008

In this presentation, the authors discuss the use of flow mediators in designing large-scale collection systems.

Dynamic Adaptation of Flow Information Granularity for Incident Analysis

January 2008

In this presentation, the authors describe how they extended a collector system to provide more accurate incident analysis.

Flow Analysis in a Wireless Environment with Short DHCP Leases

January 2008

The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.

Flow Visualization Using MS-Excel

January 2008

In this presentation, US-CERT analysts describe the pros and cons of using MS-Excel to visualize netflow data.

Hierarchical Bloom Filters: Accelerating Flow Queries and Analysis

January 2008

In this presentation, Chris Roblee provides an introduction to Bloom Filters and discusses performance on actual flow data.

High Level Flow Correlation

January 2008

In this presentation, the authors discuss flow aggregation and embedding network traffic in a Euclidian space, and describe complex modeling through clustering.

Identifying Anomalous Traffic Using Delta Traffic

January 2008

In this presentation, the authors discuss DALTAA, a system that recognizes hosts with traffic increases as attack sources and groups them into subnetworks.

Improvement of Processes for Flow Information

January 2008

In this presentation, the authors present ideas for optimizing the processes in IPFIX, a protocol for moving IP flow data from IPFIX exporters to collectors.

Incorporating Network Flows in Intrusion Incident Handling and Analysis

January 2008

In this presentation, John Gerth discusses the role network flows play in computer security intrusion investigations.

Integration of Context into Data Analysis and Visualization

January 2008

In this presentation, Ashley Thomas discusses approaches to data analysis and cross-platform analysis, and describes a sample alert.

Network Analysis of Point-of-Sale System Compromises

January 2008

In this presentation, Ryan E. Moore discusses data analysis in situations when point-of-sale systems are compromised.

On Terabit Flow Analysis

January 2008

In this presentation, Jonathan Smith discusses flow analysis on terabit network applications.

On the Anonymization and Deanonymization of NetFlow Traffic

January 2008

In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.

One Year of Peer to Peer

January 2008

In this presentation, Ron McLeod profiles the growth in peer-to-peer applications on a sample network and describes the increase in the diversity of traffic.

Privacy, Data Protection Law, and Flow Data Anonymization: Requirements, Issues, and Challenges

January 2008

In this presentation, the authors discuss the role of flow data anonymization to support data protection.

Revisiting the Threshold Random Walk Scan Detector

January 2008

In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.

SCRUB NetFlows

January 2008

In this presentation, the authors discuss SCRUB, a tool for multi-field, multi-level netflow anonymization.

Simplifying the Configuration of Flow Monitoring Probes

January 2008

In this presentation, the authors discuss ways to simplify configuring flow monitoring probes.

The Ripple Decoded

January 2008

In this presentation, the authors describe their work on large-scale scan detection

Using the Google Maps API for Flow Visualization

January 2008

In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.

Visual Representations of Flow Data

January 2008

In this presentation, Sunny Fugate discuses the value of visual language when analyzing flow data.

Visualizations of Flow and Analytical Results

January 2008

In this presentation, the authors discuss the role of visualization in performing network flow analysis.

YAF: A Case Study in Flow Meter Design

January 2008

In this presentation, Brian Trammell describes YAF, which processes data from dumpfiles into bidirectional flow and exports the flows to IPFIX collecting processes.

FloCon 2008: Call for Presentations

January 2008

This call for presentations for FloCon 2008 describes the conference, presentation topics, and submission information.