Software Engineering Institute | Carnegie Mellon University

Digital Library

Collection - Conference Artifacts

FloCon 2005 Collection

  • These presentations were given at FloCon 2005, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
  • Network Situational Awareness
  • Publisher: CERT
  • FloCon 2005 took place in Pittsburgh, PA. Conference participants gathered to discuss flow and network security analysis, and organizers encouraged them to raise new topics in security and flow analysis and to discuss ways to improve these technologies.



  • A Proposed Translation Data Model for Flow Format Interoperability September 2005 Author(s): Brian Trammell In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.
  • Behavior Based Approach to Network Traffic Analysis September 2005 Author(s): Rob Nelson (Pacific Northwest National Laboratory) In this presentation, the authors discuss the challenges, methods, and future efforts associated with network traffic analysis.
  • CANINE: A NetFlows Conversion/Anonymization Tool for Format Interoperability and Secure Sharing (Presentation) September 2005 Author(s): Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign) In this presentation, the authors describe CANINE, a converter and anonymizer for investigating netflow events.
  • CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper) September 2005 Author(s): Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign) In this paper, the authors introduce a tool to address two problems with using NetFlow logs for security analysis.
  • Correlations Between Quiescent Ports in Network Flows (White Paper) September 2005 Author(s): Josh McNutt, Markus Deshon In this paper, the authors introduce a method for detecting the onset of anomalous port-specific activity by recognizing deviation from correlated activity.
  • Correlations Between Quiescent Ports in Network Flows (Presentation) September 2005 Author(s): Josh McNutt, Markus Deshon In this presentation, the authors discuss using FloVis to perform network data analysis.
  • Covert Channel Detection Using Process Query Systems (White Paper) September 2005 Author(s): Vincent Berk (Dartmouth College) In this FloCon 2005 presentation, the author uses traffic analysis to investigate a stealthy form of data exfiltration.
  • Covert Channel Detection Using Process Query Systems (Presentation) September 2005 Author(s): Annarita Giani (UC Berkeley), Vincent Berk (Dartmouth College), George Cybenko (Dartmouth College) In this presentation, the authors discuss detecting covert channels, a subtle way of moving data, using a process query system.
  • Data Mining NetFlow So What’s Next? September 2005 Author(s): Mark Kane (DDK Tech Group) In this presentation, Mark Kane provides an overview of data mining, and discusses related frequency patterns, discoveries, and results.
  • Detecting Distributed Attacks Using Network-Wide Flow Data September 2005 Author(s): Anukool Lakhina (Intel), Mark Crovella (Boston University), Christophe Diot (Intel) In this presentation, the authors discuss methods and applications, such as scans, worms, and flash events, for detecting distributed attacks.
  • Detecting Distributed Attacks using Network-Wide Flow Traffic September 2005 Author(s): Anukool Lakhina (Intel), Mark Crovella (Boston University), Christophe Diot (Intel) In this paper, the authors present their methods for detecting distributed attacks in backbone networks using sampled flow traffic data.
  • Distributed QoS Monitoring September 2005 Author(s): Carter Bullard (QuSient LLC) In this presentation, the author discusses obtaining high-performance network assurance through distributed quality of service monitoring.
  • Flow Analysis and Interoperability: Data Models September 2005 Author(s): Brian Trammell In this presentation, given at FloCon 2005, Brian Trammell discusses cooperative flow data analysis.
  • Flow-Data Compressibility Changes During Internet Worm Outbreaks September 2005 Author(s): Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)) In this paper, Arno Wagner presents measurements and analysis done on a Swiss internet backbone during the Blaster and Witty internet worm outbreaks.
  • Identifying P2P Heavy-Hitters from Network-Flow Data September 2005 Author(s): Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Thomas Dubendorfer (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Lukas Hammerle (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Bernhard Plattner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)) In this September 2005 paper, the authors present measurements done on a medium-sized internet backbone and discuss accuracy issues.
  • IP Flow Information eXport (IPFIX) September 2005 Author(s): Elisa Boschi (Hitachi) In this presentation, Elisa Boschi describes IPFIX, a protocol for transferring IP flow data from IPFIX exporters to collectors.
  • IP Flow Information Export (IPFIX): Applicability and Future Suggestions for Network Security September 2005 Author(s): Elisa Boschi (Hitachi), Tanja Zseby (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus), Thomas Hirsch (Fraunhofer Fokus) In this paper, the authors present the IPFIX protocol and discuss its applicability with a special focus on network security.
  • NERD: Network Emergency Responder & Detector September 2005 Author(s): Wim Biemolt (SURFnet) In this presentation, Wim Biemolt provides an overview of NERD, Network Emergency Responder & Detector.
  • NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (White Paper) September 2005 Author(s): In this paper, the authors describe NVisionIP, a NetFlow visualization tool.
  • NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (Presentation) September 2005 Author(s): Ratna Bearavolu (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Kiran Lakkaraju (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign) In this presentation, the authors discuss NVisionIP, a tool designed to increase the security analyst's situational awareness.
  • R: A Proposed Analysis and Visualization Environment for Network Security Data (Presentation) September 2005 Author(s): Josh McNutt In this presentation, Josh McNutt discusses SiLK tools, introduces R and the R-Silk library, demonstrates a prototype, and discusses analyst benefits.
  • R: A Proposed Analysis and Visualization Environment for Network Security Data (White Paper) September 2005 Author(s): Josh McNutt In this paper, Josh McNutt discusses the R statistical language as an analysis and visualization interface to SiLK flow analysis tools.
  • Time, Pollution and Maps September 2005 Author(s): Michael Collins In these proceedings, the presentations given at FloCon 2012 are collected.
  • VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (White Paper) September 2005 Author(s): In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
  • VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (Presentation) September 2005 Author(s): Xiaoxin Yin (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign) In this presentation, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
  • Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich September 2005 Author(s): Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)) In this presentation, Arno Wagner describes the DDoSVax project and discusses data collection, processing infrastructure, and related software and tools.
  • FloCon 2005: Call for Papers September 2005 Author(s): This call for papers is for the FloCon 2005 Analysis Workshop, where participants discussed flow and network security analysis.