search menu icon-carat-right cmu-wordmark

FloCon 2005 Collection

These presentations were given at Flocon 2005, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

At FloCon 2005, which took place in Pittsburgh, PA, conference participants gathered to discuss flow and network security analysis; participants also discussed ways to improve these technologies. Organizers of FloCon 2005 encouraged participants to discuss new topics in security and flow analysis and discuss ways to improve these technologies. 



A Proposed Translation Data Model for Flow Format Interoperability

September 2005

In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.

Behavior Based Approach to Network Traffic Analysis

September 2005

In this presentation, the authors discuss the challenges, methods, and future efforts associated with network traffic analysis.

CANINE: A NetFlows Conversion/Anonymization Tool for Format Interoperability and Secure Sharing (Presentation)

September 2005

In this presentation, the authors describe CANINE, a converter and anonymizer for investigating netflow events.

CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)

September 2005

In this paper, the authors introduce a tool to address two problems with using Net-Flow logs for security analysis.

Correlations Between Quiescent Ports in Network Flows (White Paper)

September 2005

In this paper, the authors introduce a method for detecting the onset of anomalous port-specific activity by recognizing deviation from correlated activity.

Correlations Between Quiescent Ports in Network Flows (Presentation)

September 2005

In this presentation, the authors discuss using FloVis to perform network data analysis.

Covert Channel Detection Using Process Query Systems (White Paper)

September 2005

In this FloCon 2005 presentation, the author uses traffic analysis to investigate a stealthy form of data exfiltration.

Covert Channel Detection Using Process Query Systems (Presentation)

September 2005

In this presentation, the authors discuss detecting covert channels, a subtle way of moving data, using a process query system.

Data Mining NetFlow So What’s Next?

September 2005

In this presentation, Mark Kane provides an overview of data mining, and discusses related frequency patterns, discoveries, and results.

Detecting Distributed Attacks Using Network-Wide Flow Data

September 2005

In this presentation, the authors discuss methods and applications, such as scans, worms, and flash events, for detecting distributed attacks.

Detecting Distributed Attacks using Network-Wide Flow Traffic

September 2005

In this paper, the authors present their methods for detecting distributed attacks in backbone networks using sampled flow traffic data.

Distributed QoS Monitoring

September 2005

In this presentation, the author discusses obtaining high-performance network assurance through distributed quality of service monitoring.

Flow Analysis and Interoperability: Data Models

September 2005

In this presentation, given at FloCon 2005, Brian Trammell discusses cooperative flow data analysis.

Flow-Data Compressibility Changes During Internet Worm Outbreaks

September 2005

In this paper, Arno Wagner presents measurements and analysis done on a Swiss internet backbone during the Blaster and Witty internet worm outbreak.

Identifying P2P Heavy-Hitters from Network-Flow Data

September 2005

In this September 2005 paper, the authors present measurements done on a medium sized internet backbone and discusses accuracy issues.

IP Flow Information eXport (IPFIX)

September 2005

In this presentation, Elisa Boschi describes IPFIX, a protocol for transferring IP flow data from IPFIX exporters to collectors.

IP Flow Information Export (IPFIX): Applicability and Future Suggestions for Network Security

September 2005

In this paper, the authors present the IPFIX protocol and discuss its applicability with a special focus on network security.

NERD: Network Emergency Responder & Detector

September 2005

In this presentation, Wim Biemolt provides an overview of NERD, Network Emergency Responder & Detector.

NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (White Paper)

September 2005

In this paper, the authors describe NVisionIP, a NetFlow visualization tool.

NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (Presentation)

September 2005

In this presentation, the authors discuss NVisionIP, a tool designed to increase the security analyst's situational awareness.

R: A Proposed Analysis and Visualization Environment for Network Security Data (Presentation)

September 2005

In this presentation, Josh McNutt discusses SiLK tools, introduces R and the R-Silk library, demonstrates a prototype, and discusses analyst benefits.

R: A Proposed Analysis and Visualization Environment for Network Security Data (White Paper)

September 2005

In this paper, Josh McNutt discusses the R statistical language as an analysis and visualization interface to SiLK flow analysis tools.

Time, Pollution and Maps

September 2005

In these proceedings, the presentations given at Flocon 2012 are collected.

VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (White Paper)

September 2005

In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.

VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (Presentation)

September 2005

In this presentation, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.

Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich

September 2005

In this presentation, Arno Wagner describes the DDOSVax project, and discusses data collection, processing infrastructure, and related software and tools.

FloCon 2005: Call for Papers

September 2005

This call for papers is for the FloCon 2005 Analysis Workshop, where participants discussed flow and network security analysis.