FloCon 2005 Collection
These presentations were given at FloCon 2005, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Collection Contents
-
A Proposed Translation Data Model for Flow Format Interoperability
September 20, 2005 • White Paper
By Brian Trammell
In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.
-
Behavior Based Approach to Network Traffic Analysis
September 20, 2005 • Presentation
By Rob Nelson (Pacific Northwest National Laboratory)
In this presentation, the authors discuss the challenges, methods, and future efforts associated with network traffic analysis.
-
CANINE: A NetFlows Conversion/Anonymization Tool for Format Interoperability and Secure Sharing (Presentation)
September 20, 2005 • Presentation
By Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)
In this presentation, the authors describe CANINE, a converter and anonymizer for investigating netflow events.
-
CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)
September 20, 2005 • White Paper
By Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)
In this paper, the authors introduce a tool to address two problems with using NetFlow logs for security analysis.
-
Correlations Between Quiescent Ports in Network Flows (White Paper)
September 20, 2005 • White Paper
By Josh McNutt, Markus Deshon
In this paper, the authors introduce a method for detecting the onset of anomalous port-specific activity by recognizing deviation from correlated activity.
-
Correlations Between Quiescent Ports in Network Flows (Presentation)
September 20, 2005 • Presentation
By Josh McNutt, Markus Deshon
In this presentation, the authors discuss using FloVis to perform network data analysis.
-
Covert Channel Detection Using Process Query Systems (White Paper)
September 1, 2005 • White Paper
By Vincent Berk (Dartmouth College)
In this FloCon 2005 presentation, the author uses traffic analysis to investigate a stealthy form of data exfiltration.
-
Covert Channel Detection Using Process Query Systems (Presentation)
September 20, 2005 • Presentation
By Annarita Giani (UC Berkeley), Vincent Berk (Dartmouth College), George Cybenko (Dartmouth College)
In this presentation, the authors discuss detecting covert channels, a subtle way of moving data, using a process query system.
-
Data Mining NetFlow So What’s Next?
September 20, 2005 • Presentation
By Mark Kane (DDK Tech Group)
In this presentation, Mark Kane provides an overview of data mining, and discusses related frequency patterns, discoveries, and results.
-
Detecting Distributed Attacks Using Network-Wide Flow Data
September 20, 2005 • Presentation
By Anukool Lakhina (Intel), Mark Crovella (Boston University), Christophe Diot (Intel)
In this presentation, the authors discuss methods and applications, such as scans, worms, and flash events, for detecting distributed attacks.
-
Detecting Distributed Attacks using Network-Wide Flow Traffic
September 20, 2005 • White Paper
By Anukool Lakhina (Intel), Mark Crovella (Boston University), Christophe Diot (Intel)
In this paper, the authors present their methods for detecting distributed attacks in backbone networks using sampled flow traffic data.
-
Distributed QoS Monitoring
September 20, 2005 • Presentation
By Carter Bullard (QuSient LLC)
In this presentation, the author discusses obtaining high-performance network assurance through distributed quality of service monitoring.
-
Flow Analysis and Interoperability: Data Models
September 20, 2005 • Presentation
By Brian Trammell
In this presentation, given at FloCon 2005, Brian Trammell discusses cooperative flow data analysis.
-
Flow-Data Compressibility Changes During Internet Worm Outbreaks
September 20, 2005 • White Paper
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this paper, Arno Wagner presents measurements and analysis done on a Swiss internet backbone during the Blaster and Witty internet worm outbreaks.
-
Identifying P2P Heavy-Hitters from Network-Flow Data
September 20, 2005 • White Paper
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Thomas Dubendorfer (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Lukas Hammerle (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Bernhard Plattner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this September 2005 paper, the authors present measurements done on a medium-sized internet backbone and discuss accuracy issues.
-
IP Flow Information eXport (IPFIX)
September 20, 2005 • Presentation
By Elisa Boschi (Hitachi)
In this presentation, Elisa Boschi describes IPFIX, a protocol for transferring IP flow data from IPFIX exporters to collectors.
-
IP Flow Information Export (IPFIX): Applicability and Future Suggestions for Network Security
September 20, 2005 • White Paper
By Elisa Boschi (Hitachi), Tanja Zseby (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus), Thomas Hirsch (Fraunhofer Fokus)
In this paper, the authors present the IPFIX protocol and discuss its applicability with a special focus on network security.
-
NERD: Network Emergency Responder & Detector
September 20, 2005 • Presentation
By Wim Biemolt (SURFnet)
In this presentation, Wim Biemolt provides an overview of NERD, Network Emergency Responder & Detector.
-
NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (White Paper)
September 20, 2005 • White Paper
In this paper, the authors describe NVisionIP, a NetFlow visualization tool.
-
NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows (Presentation)
September 20, 2005 • Presentation
By Ratna Bearavolu (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Kiran Lakkaraju (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, the authors discuss NVisionIP, a tool designed to increase the security analyst's situational awareness.
-
R: A Proposed Analysis and Visualization Environment for Network Security Data (Presentation)
September 20, 2005 • Presentation
By Josh McNutt
In this presentation, Josh McNutt discusses SiLK tools, introduces R and the R-Silk library, demonstrates a prototype, and discusses analyst benefits.
-
R: A Proposed Analysis and Visualization Environment for Network Security Data (White Paper)
September 20, 2005 • White Paper
By Josh McNutt
In this paper, Josh McNutt discusses the R statistical language as an analysis and visualization interface to SiLK flow analysis tools.
-
Time, Pollution and Maps
September 20, 2005 • Presentation
By Michael Collins
In these proceedings, the presentations given at FloCon 2012 are collected.
-
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (White Paper)
September 20, 2005 • White Paper
In this paper, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
-
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows (Presentation)
September 20, 2005 • Presentation
By Xiaoxin Yin (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, the authors present VisFlowConnect-IP, a network flow visualization tool that detects and investigates anomalous network traffic.
-
Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich
September 20, 2005 • Presentation
By Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this presentation, Arno Wagner describes the DDoSVax project, and discusses data collection, processing infrastructure, and related software and tools.
-
FloCon 2005: Call for Papers
September 5, 2005 • Brochure
This call for papers is for the FloCon 2005 Analysis Workshop, where participants discussed flow and network security analysis.