Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Collection - Conference Artifacts

FloCon 2011 Collection

  • These presentations and resource documents were provided at FloCon 2011, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

    At FloCon 2011, participants focused on learning about their networks and confirming what we know about them. Participants explored a wide range of topics and discussed dark space, how many web servers you're actually operating, spam, and DNS servers and their susceptibility to cache poisoning.

  • Analysis Pipeline January 2011 Author(s): Dan Ruef In this presentation, Dan Ruef discusses moving analysis from retroactive to real time, pipeline capabilities, and streaming analysis coding issues.
  • CERT Virtual Flow Collection and Analysis January 2011 Author(s): George Warnagiris In this presentation, George Warnagiris describes the work on the Network Situational Awareness group of the CERT Division.
  • Coordinated Non-Intrusive Capturing of Flow Paths January 2011 Author(s): Tanja Zseby (Fraunhofer Fokus) In this presentation, Tanja Zseby discusses flow paths and coordinated traffic observation.
  • Darkspace Construction and Maintenance January 2011 Author(s): Jeff Janies, M. P. Collins (Redjack) In this presentation, the authors discuss darkspaces, external routable address blocks to which no legitimate network traffic should be destined.
  • Detecting Botnets with NetFlow January 2011 Author(s): Vojtech Krmícek (Masaryk University), Tomáš Plesník (Masaryk University) In this presentation, the authors discuss NetFlow monitoring at Masaryk University and botnet detection methods.
  • Detecting Long Flows January 2011 Author(s): John McHugh In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.
  • DLP Detection with Netflow January 2011 Author(s): Christopher Poetzel (Argonne National Laboratory) In this presentation, Christopher Poetzel discusses data loss prevention and the use of Netflow-based solutions to look for anomalous data.
  • Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet January 2011 Author(s): Rhiannon Weaver, Chris Nunnery (University of North Carolina), Gautam Singaraju (University of North Carolina), Brent B. Kang In this presentation, the authors discuss a new method for measuring the discrepancy between counting IP addresses and counting individual machines in a botnet.
  • Exploring the Interactions Between Network Data Analysis and Security Information/Event Management January 2011 Author(s): Timothy J. Shimeall In this presentation, Timothy Shimeall explores the interaction of data analysis and security event management and new approaches to be explored.
  • Flows as a Topology Chart January 2011 Author(s): Hiroshi Asakura (NTT Corporation), Kensuke Nakata (NTT Corporation), Shingo Kashima (NTT Corporation), Hiroshi Kurakami (NTT Corporation) In this presentation, NTT Corporation staff cover the challenges of visualizing both the inside and outside of your network using topology flow charts.
  • From Data Collection to Action: Achieving Rapid Identification of Cyber Threats and Perpetrators January 2011 Author(s): Joel Ebrahimi (Bivio Networks) In this presentation, Joel Ebrahimi shows how to use data retention to identify cybersecurity threats and learn what capabilities cyber analysts must have.
  • Garbage Collection: Using Flow to Understand Private Network Data Leakage January 2011 Author(s): Sid Faber In this presentation, Sid Faber shows how you can use garbage collection to explore data leakage in your network.
  • Incorporating Dynamic List Structures into YAF January 2011 Author(s): Dan Ruef, Emily Sarneso In this presentation, the authors discuss IPFIX limitations and extensions, list structure, and mediators in YAF.
  • Indexing Full Packet Capture Data With Flow January 2011 Author(s): Randy Heins (Northrop Grumman) In this presentation, Randy Heins describes lessons learned in developing a full packet capture system.
  • Leveraging Other Data Sources with Flow to Identify Anomalous Network Behavior January 2011 Author(s): Peter Mullarkey (CA Technologies), Mike Johns (CA Technologies), Ben Haley (CA Technologies) In this presentation, the authors discuss how to create high-quality events without sacrificing scalability.
  • MATLAB Commands in Numerical Python (NumPy) January 2011 Author(s): These slides show the syntax of many MATLAB commands in numerical Python.
  • Network Analysis with SiLK January 2014 Author(s): Ron Bandes In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.
  • Network Flow Data Analysis Using Graph Pattern Search January 2011 Author(s): Josh Goldfarb (US-CERT) In this presentation, Josh Goldfarb discusses problems, solutions, and tools related to using graph pattern searches to analyze network flow data.
  • Not to Miss Small-Amount but Important Traffic January 2011 Author(s): Kazunori Kamiya (NTT Corporation) In this presentation, Kazunori Kamiya discusses using flow data, flow sampling, and flow collectors and analyzers.
  • Privacy Preserving Network Flow Recording January 2011 Author(s): Bilal Shebaro (University of New Mexico), Jedidiah R. Crandall (University of New Mexico) In this presentation, the authors describe ways to use netflow data in ways that preserve privacy.
  • Protographs: Graph-Based Approach to NetFlow Analysis January 2011 Author(s): Jeff Janies In this presentation Jeff Janies discusses how social networks can complement existing volumetric analysis.
  • Real Time Topology Based Flow Visualization January 2011 Author(s): John K. Smith In this presentation, John Smith describes the flow visualization tool his team developed, related issues, and use cases.
  • Security Incident Discovery and Correlation on .Gov Networks January 2011 Author(s): Cory Mazzola (Department of Homeland Security), Timothy Tragesser (Department of Homeland Security) In this presentation, the authors discuss their work on correlating security incident discovery to .gov networks.
  • The Rayon Visualization Toolkit January 2011 Author(s): Phil Groce In this presentation, Phil Groce describes Rayon, a Python library and toolset for generating basic two-dimensional statistical visualizations.
  • Using Flow For Other Things Than Network Data January 2011 Author(s): Jeroen Massar (IBM Research Zurich) In this presentation, Jeroen Massar discusses flow analysis and Anaphera, a high-performance and scalable Flow Analyzer.