search menu icon-carat-right cmu-wordmark

FloCon 2006 Collection

These presentations were given at Flocon 2006, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

This FloCon conference included 12 papers and 13 presentations given by experts in the field of flow analysis. Discussions covered topics such as flow processing, flow measurement, network traffic, and analysis methods.

A Case for Packet Sampling

October 2006

In this presentation, Tanja Zseby advises how and when to use sampling.

A System Architecture for Processing Flows

October 2006

In this presentation, Raj Srinivasan proposes a clustering architecture and demonstrates its implementation for commercial applications.

A Traffic Analysis of a Small Private Network Compromised by an Online Gaming Host (White Paper)

October 2006

In this paper, Ron McLeod describes a network traffic capture and analysis used to investigate network performance issues of a small private network.

A Traffic Analysis of a Small Private Network Compromised by an Online Gaming Host (Presentation)

October 2006

In this presentation, Ron McLeod describes the results of an analysis to investigate performance issues on a small private network.

Analysis Methods Discussion

October 2006

In this presentation, conference attendees discuss high-level issues addressed at FloCon 2006.

Anomaly Detection Through Blind Flow Analysis Inside a Local Network (White Paper)

October 2006

In this paper, the authors describe how hosts may be clustered into user workstations, servers, printers, and hosts compromised by worms.

Anomaly Detection Through Blind Flow Analysis Inside a Local Network (Presentation)

October 2006

In this presentation, the authors describe how hosts may be clustered into user workstations, servers, printers, and hosts compromised by worms.

Anomaly Sampling (Bringing Diversity to Network Security)

October 2006

This presentation was given at FloCon 2006, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

Anomaly-Based BotServer (and more!) Detection

October 2006

In this presentation, Jim Binkley discusses experimental flow tuples, and botnet server and client mesh detection.

Attribution and Aggregation of Network Flows for Security Analysis (White Paper)

October 2006

In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.

Attribution and Aggregation of Network Flows for Security Analysis (Presentation)

October 2006

In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.

Bidirectional Flow Measurement, IPFIX, and Security Analysis

October 2006

In this presentation, the authors describe the importance of bi-flow information and explain how IPFIX can be used most effectively.

Identifying Anomalous Network Traffic Through the Use of Client Port Distribution

October 2006

In this paper, Josh Goldfarb introduces an approach to IP flow analysis that examines server ports and client ports that exchange flows with them.

Impact of Packet Sampling on Anomaly Detection Metrics

October 2006

In this presentation, the authors discuss their evaluation of the impact of sampling on anomaly detection metrics.

IPFIX/PSAMP: What Future Standards Can Offer to Network Security (White Paper)

October 2006

In this paper, the authors show how IPFIX and PSAMP can be used to support network security.

IPFIX/PSAMP: What Future Standards Can Offer to Network Security (Presentation)

October 2006

In this presentation, the authors describe exporting packet information with IPFIX.

RAVE: The Retrospective Analysis and Visualization Engine

October 2006

In this paper, the authors present RAVE as an analysis service provider.

Scalable Flow Analysis (White Paper)

October 2006

In this paper, the authors present a new approach for summarization and analysis of flow records.

Scalable Flow Analysis (Presentation)

October 2006

In this presentation, the authors describe a comprehensive architecture and taxonomy for flow collection and analysis.

System Requirements for Flow Processing

October 2006

In this paper, Raj Srinivasan proposes an architecture that meets security requirements and is flexible enough to support future application needs.

The Effect of Packet Sampling on Anomaly Detection

October 2006

In this paper, the authors empirically evaluate the impact of sampling on anomaly detection.

The Past and Future of Flow Analysis

October 2006

This keynote presentation was delivered by John McHugh at FloCon 2006.