At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.
A Flexible DDoS Detection System Using IPFIX
January 2008
Author(s): Thomas Hirsch (Fraunhofer Fokus), Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes how IPFIX supports the integration of new methods.
AMP-Based Flow Collection
January 2008
Author(s): Greg Virgin (Redjack)
In this presentation, given at FloCon 2008, Greg Virgin describes AMP, an analytic flow metadata producer.
Anonymizing Network Flow Data
January 2008
Author(s): Timothy J. Shimeall
In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.
Assessing Disclosure Risk in Anonymized Datasets
January 2008
Author(s): Alexi Kounine (EPFL), Michele Bezzi (ATL)
In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.
Automatic Anomaly Detection Using NfSen
January 2008
Author(s): Wim Biemolt (SURFnet)
In this presentation, Wim Biemolt discusses using NfSen, a graphical web-based front end for the nfdump netflow tools, to perform automatic anomaly detection.
Design for Large-Scale Collection System Using Flow Mediators
January 2008
Author(s): Atsushi Kobayashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss the use of flow mediators in designing large-scale collection systems.
Flow Visualization Using MS-Excel
January 2008
Author(s): Lee Rock (US-CERT), Jay Brown (US-CERT)
In this presentation, US-CERT analysts describe the pros and cons of using MS-Excel to visualize netflow data.
High Level Flow Correlation
January 2008
Author(s): Valentino Crespi (California State Los Angeles), Annarita Giani (UC Berkeley), Rajiv Raghunarayan (Cisco)
In this presentation, the authors discuss flow aggregation and embedding network traffic in a Euclidean space, and describe complex modeling through clustering.
Identifying Anomalous Traffic Using Delta Traffic
January 2008
Author(s): Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss DALTAA, a system that recognizes hosts with traffic increases as attack sources and groups them into subnetworks.
Improvement of Processes for Flow Information
January 2008
Author(s): Hitoshi Irino (NTT Corporation), Masaru Katayama (NTT Corporation)
In this presentation, the authors present ideas for optimizing the processes in IPFIX, a protocol for moving IP flow data from IPFIX exporters to collectors.
On Terabit Flow Analysis
January 2008
Author(s): Jonathan M. Smith (University of Pennsylvania)
In this presentation, Jonathan Smith discusses flow analysis on terabit network applications.
On the Anonymization and Deanonymization of NetFlow Traffic
January 2008
Author(s): Michalis Foukarakis (Institute of Computer Science), Demetres Antoniades (Institute of Computer Science), Evangelos P. Markatos (Institute of Computer Science)
In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.
One Year of Peer to Peer
January 2008
Author(s): Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this presentation, Ron McLeod profiles the growth in peer-to-peer applications on a sample network and describes the increase in the diversity of traffic.
Revisiting the Threshold Random Walk Scan Detector
January 2008
Author(s): Vagishwari Nagaonkar (Wipro Technologies), John McHugh
In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.
SCRUB NetFlows
January 2008
Author(s): William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Clay Woolam (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas)
In this presentation, the authors discuss SCRUB, a tool for multi-field, multi-level netflow anonymization.
Visual Representations of Flow Data
January 2008
Author(s): Sunny Fugate (SPAWAR Systems Center, San Diego)
In this presentation, Sunny Fugate discusses the value of visual language when analyzing flow data.
YAF: A Case Study in Flow Meter Design
January 2008
Author(s): Brian Trammell
In this presentation, Brian Trammell describes YAF, which processes data from dumpfiles into bidirectional flow and exports the flows to IPFIX collecting processes.
FloCon 2008: Call for Presentations
January 2008
This call for presentations for FloCon 2008 describes the conference, presentation topics, and submission information.