search menu icon-carat-right cmu-wordmark

FloCon 2011 Collection

These presentations were given at FloCon 2011, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

These presentations and resource documents were provided at FloCon 2011, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

At FloCon 2011, participants focused on learning about their networks and confirming what we know about them. Participants explored a wide range of topics and discussed dark space, how many web servers you're actually operating, spam, and DNS servers and their susceptibility to cache poisoning.

Analysis Pipeline

January 2011

In this presentation, Dan Ruef discusses moving analysis from retroactive to real time, pipeline capabilities, and streaming analysis coding issues.

CERT Virtual Flow Collection and Analysis

January 2011

In this presentation, George Warnagiris describes the work on the Network Situational Awareness group of the CERT Division.

Coordinated Non-Intrusive Capturing of Flow Paths

January 2011

In this presentation, Tanja Zseby discusses flow paths and coordinated traffic observation.

Darkspace Construction and Maintenance

January 2011

In this presentation, the authors discuss darkspaces, external routable address blocks to which no legitimate network traffic should be destined.

Detecting Botnets with NetFlow

January 2011

In this presentation, the authors discuss NetFlow monitoring at Masaryk University and botnet detection methods.

Detecting Long Flows

January 2011

In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.

DLP Detection with Netflow

January 2011

In this presentation, Christopher Poetzel discusses data loss prevention and the use of Netflow-based solutions to look for anomalous data.

Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet

January 2011

In this presentation, the authors discuss a new method for measuring the discrepancy between counting IP addresses and counting individual machines in a botnet.

Exploring the Interactions Between Network Data Analysis and Security Information/Event Management

January 2011

In this presentation, Timothy Shimeall explores the interaction of data analysis and security event management and new approaches to be explored.

Flows as a Topology Chart

January 2011

In this presentation, NTT Corporation staff cover the challenges of visualizing both the inside and outside of your network using topology flow charts.

From Data Collection to Action: Achieving Rapid Identification of Cyber Threats and Perpetrators

January 2011

In this presentation, Joel Ebrahimi shows how to use data retention to identify cybersecurity threats and learn what capabilities cyber analysts must have.

Garbage Collection: Using Flow to Understand Private Network Data Leakage

January 2011

In this presentation, Sid Faber shows how you can use garbage collection to explore data leakage in your network.

Incorporating Dynamic List Structures into YAF

January 2011

In this presentation, the authors discuss IPFIX limitations and extensions, list structure, and mediators in YAF.

Indexing Full Packet Capture Data With Flow

January 2011

In this presentation, Randy Heins describes lessons learned in developing a full packet capture system.

Leveraging Other Data Sources with Flow to Identify Anomalous Network Behavior

January 2011

In this presentation, the authors discuss how to create high-quality events without sacrificing scalability.

MATLAB Commands in Numerical Python (NumPy)

January 2011

These slides show the syntax of many MATLAB commands in numerical Python.

Network Analysis with SiLK

January 2014

In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.

Network Flow Data Analysis Using Graph Pattern Search

January 2011

In this presentation, Josh Goldfarb discusses problems, solutions, and tools related to using graph pattern searches to analyze network flow data.

Not to Miss Small-Amount but Important Traffic

January 2011

In this presentation, Kazunori Kamiya discusses using flow data, flow sampling, and flow collectors and analyzers.

Privacy Preserving Network Flow Recording

January 2011

In this presentation, the authors describe ways to use netflow data in ways that preserve privacy.

Protographs: Graph-Based Approach to NetFlow Analysis

January 2011

In this presentation Jeff Janies discusses how social networks can complement existing volumetric analysis.

Real Time Topology Based Flow Visualization

January 2011

In this presentation, John Smith describes the flow visualization tool his team developed, related issues, and use cases.

Security Incident Discovery and Correlation on .Gov Networks

January 2011

In this presentation, the authors discuss their work on correlating security incident discovery to .gov networks.

The Rayon Visualization Toolkit

January 2011

In this presentation, Phil Groce describes Rayon, a Python library and toolset for generating basic two-dimensional statistical visualizations.

Using Flow For Other Things Than Network Data

January 2011

In this presentation, Jeroen Massar discusses flow analysis and Anaphera, a high-performance and scalable Flow Analyzer.