FloCon 2008 Collection
These presentations were given at Flocon 2008, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.
Collection Contents
-
A Flexible DDoS Detection System Using IPFIX
January 7, 2008 • Presentation
By Thomas Hirsch (Fraunhofer Fokus), Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes how IPFIX supports the integration of new methods.
read -
AMP-Based Flow Collection
January 7, 2008 • Presentation
By Greg Virgin (Redjack)
In this presentation, given at FloCon 2008, Greg Virgin describes AMP, an analytic flow metadata producer.
read -
Anonymizing Network Flow Data
January 7, 2008 • Presentation
By Timothy J. Shimeall
In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.
read -
Assessing Disclosure Risk in Anonymized Datasets
January 7, 2008 • White Paper
By Alexi Kounine (EPFL), Michele Bezzi (ATL)
In this paper, the authors propose a framework for estimating disclosure risk using conditional entropy between the original and the anonymized datasets.
read -
Attack Reduction and Anomaly Modeling in Popularly Targeted Protocols
January 7, 2008 • Presentation
By Michael Collins
In this presentation, Michael Collins discusses noise in traffic flows and its effect on anomaly detection, two-stage filtering, and methods to reduce attacks.
read -
Automatic Anomaly Detection Using NfSen
January 7, 2008 • Presentation
By Wim Biemolt (SURFnet)
In this presentation, Wim Biemolt discusses using NfSen, a graphical web based front end for the nfdump netflow tools, to perform automatic anomaly detection.
read -
Design for Large-Scale Collection System Using Flow Mediators
January 7, 2008 • Presentation
By Atsushi Kobayashi (NTT Corporation), Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss the use of flow mediators in designing large-scale collection systems.
read -
Dynamic Adaptation of Flow Information Granularity for Incident Analysis
January 7, 2008 • Presentation
By Marc P. Stoecklin (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory), Jean-Yves Le Boudec (Zurich Research Laboratory)
In this presentation, the authors describe how they extended a collector system to provide more accurate incident analysis.
read -
Flow Analysis in a Wireless Environment with Short DHCP Leases
January 7, 2008 • Presentation
By Sanket Parikh (Dalhousie University), John McHugh
The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.
read -
Flow Visualization Using MS-Excel
January 7, 2008 • Presentation
By Lee Rock (US-CERT), Jay Brown (US-CERT)
In this presentation, US-CERT analysts describe the pros and cons of using MS-Excel to visualize netflow data.
read -
Hierarchical Bloom Filters: Accelerating Flow Queries and Analysis
January 7, 2008 • Presentation
By Chris Roblee (Lawrence Livermore National Laboratory)
In this presentation, Chris Roblee provides an introduction to Bloom Filters and discusses performance on actual flow data.
read -
High Level Flow Correlation
January 7, 2008 • Presentation
By Valentino Crespi (California State Los Angeles), Annarita Giani (UC Berkeley), Rajiv Raghunarayan (Cisco)
In this presentation, the authors discuss flow aggregation and embedding network traffic in a Euclidian space, and describe complex modeling through clustering.
read -
Identifying Anomalous Traffic Using Delta Traffic
January 7, 2008 • Presentation
By Tsuyoshi Kondoh (NTT Corporation), Keisuke Ishibashi (NTT Corporation)
In this presentation, the authors discuss DALTAA, a system that recognizes hosts with traffic increases as attack sources and groups them into subnetworks.
read -
Improvement of Processes for Flow Information
January 7, 2008 • Presentation
By Hitoshi Irino (NTT Corporation), Masaru Katayama (NTT Corporation)
In this presentation, the authors present ideas for optimizing the processes in IPFIX, a protocol for moving IP flow data from IPFIX exporters to collectors.
read -
Incorporating Network Flows in Intrusion Incident Handling and Analysis
January 7, 2008 • Presentation
By John Gerth (Stanford University)
In this presentation, John Gerth discusses the role network flows play in computer security intrusion investigations.
read -
Integration of Context into Data Analysis and Visualization
January 7, 2008 • Presentation
By Ashley Thomas (SecureWorks), Uday Banerjee (SecureWorks)
In this presentation, Ashley Thomas discusses approaches to data analysis and cross-platform analysis, and describes a sample alert.
read -
Network Analysis of Point-of-Sale System Compromises
January 7, 2008 • Presentation
By Ryan E. Moore (United States Secret Service)
In this presentation, Ryan E. Moore discusses data analysis in situations when point-of-sale systems are compromised.
read -
On Terabit Flow Analysis
January 7, 2008 • Presentation
By Jonathan M. Smith (University of Pennsylvania)
In this presentation, Jonathan Smith discusses flow analysis on terabit network applications.
read -
On the Anonymization and Deanonymization of NetFlow Traffic
January 8, 2008 • White Paper
By Michalis Foukarakis (Institute of Computer Science), Demetres Antoniades (Institute of Computer Science), Evangelos P. Markatos (Institute of Computer Science)
In this paper, the authors describe anontool, which allows per-field anonymization up to the NetFlow layer and offers a wide range of primitives to choose from.
read -
One Year of Peer to Peer
January 7, 2008 • Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this presentation, Ron McLeod profiles the growth in peer-to-peer applications on a sample network and describes the increase in the diversity of traffic.
read -
Privacy, Data Protection Law, and Flow Data Anonymization: Requirements, Issues, and Challenges
January 7, 2008 • Presentation
By Elisa Boschi (Hitachi), Ralph Gramigna (KPMG)
In this presentation, the authors discuss the role of flow data anonymization to support data protection.
read -
Revisiting the Threshold Random Walk Scan Detector
January 7, 2008 • Presentation
By Vagishwari Nagaonkar (Wipro Technologies), John McHugh
In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.
read -
SCRUB NetFlows
January 7, 2008 • Presentation
By William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Clay Woolam (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas)
In this presentation, the authors discuss SCRUB, a tool for multi-field, multi-level netflow anonymization.
read -
Simplifying the Configuration of Flow Monitoring Probes
January 7, 2008 • Presentation
By Xenofontas Dimitropoulos (Zurich Research Laboratory), Andreas Kind (Zurich Research Laboratory)
In this presentation, the authors discuss ways to simplify configuring flow monitoring probes.
read -
The Ripple Decoded
January 7, 2008 • Presentation
In this presentation, the authors describe their work on large-scale scan detection
read -
Using the Google Maps API for Flow Visualization
January 7, 2008 • Presentation
By Sid Faber
In this presentation, Sid Faber discusses a process for visualizing flow data using data extraction, geolocation, XML, Google Maps API, and HTML.
read -
Visual Representations of Flow Data
January 7, 2008 • Presentation
By Sunny Fugate (SPAWAR Systems Center, San Diego)
In this presentation, Sunny Fugate discuses the value of visual language when analyzing flow data.
read -
Visualizations of Flow and Analytical Results
January 7, 2008 • Presentation
By Phil Groce, Jeff Janies
In this presentation, the authors discuss the role of visualization in performing network flow analysis.
read -
YAF: A Case Study in Flow Meter Design
January 7, 2008 • Presentation
By Brian Trammell
In this presentation, Brian Trammell describes YAF, which processes data from dumpfiles into bidirectional flow and exports the flows to IPFIX collecting processes.
read -
FloCon 2008: Call for Presentations
January 7, 2008 • Brochure
This call for presentations for FloCon 2008 describes the conference, presentation topics, and submission information.
read