FloCon 2011 Collection
These presentations were given at FloCon 2011, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
These presentations and resource documents were provided at FloCon 2011, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
At FloCon 2011, participants focused on learning about their networks and confirming what we know about them. Participants explored a wide range of topics and discussed dark space, how many web servers you're actually operating, spam, and DNS servers and their susceptibility to cache poisoning.
Collection Contents
-
Analysis Pipeline
January 10, 2011 • Presentation
By Dan Ruef
In this presentation, Dan Ruef discusses moving analysis from retroactive to real time, pipeline capabilities, and streaming analysis coding issues.
-
CERT Virtual Flow Collection and Analysis
January 10, 2011 • Presentation
By George Warnagiris
In this presentation, George Warnagiris describes the work of the Network Situational Awareness group of the CERT Division.
-
Coordinated Non-Intrusive Capturing of Flow Paths
January 10, 2011 • Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby discusses flow paths and coordinated traffic observation.
-
Darkspace Construction and Maintenance
January 10, 2011 • Presentation
By Jeff Janies, M. P. Collins (Redjack)
In this presentation, the authors discuss darkspaces, external routable address blocks to which no legitimate network traffic should be destined.
-
Detecting Botnets with NetFlow
January 10, 2011 • Presentation
By Vojtěch Krmíček (Masaryk University), Tomáš Plesník (Masaryk University)
In this presentation, the authors discuss NetFlow monitoring at Masaryk University and botnet detection methods.
-
Detecting Long Flows
January 10, 2011 • Presentation
By John McHugh
In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.
-
DLP Detection with Netflow
January 10, 2011 • Presentation
By Christopher Poetzel (Argonne National Laboratory)
In this presentation, Christopher Poetzel discusses data loss prevention and the use of Netflow-based solutions to look for anomalous data.
-
Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet
January 10, 2011 • Presentation
By Rhiannon Weaver, Chris Nunnery (University of North Carolina), Gautam Singaraju (University of North Carolina), Brent B. Kang
In this presentation, the authors discuss a new method for measuring the discrepancy between counting IP addresses and counting individual machines in a botnet.
-
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management
January 10, 2011 • Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall explores the interaction of data analysis and security event management and new approaches to be explored.
-
Flows as a Topology Chart
January 10, 2011 • Presentation
By Hiroshi Asakura (NTT Corporation), Kensuke Nakata (NTT Corporation), Shingo Kashima (NTT Corporation), Hiroshi Kurakami (NTT Corporation)
In this presentation, NTT Corporation staff cover the challenges of visualizing both the inside and outside of your network using topology flow charts.
-
From Data Collection to Action: Achieving Rapid Identification of Cyber Threats and Perpetrators
January 10, 2011 • Presentation
By Joel Ebrahimi (Bivio Networks)
In this presentation, Joel Ebrahimi shows how to use data retention to identify cybersecurity threats and learn what capabilities cyber analysts must have.
-
Garbage Collection: Using Flow to Understand Private Network Data Leakage
January 10, 2011 • Presentation
By Sid Faber
In this presentation, Sid Faber shows how you can use garbage collection to explore data leakage in your network.
-
Incorporating Dynamic List Structures into YAF
January 10, 2011 • Presentation
By Dan Ruef, Emily Sarneso
In this presentation, the authors discuss IPFIX limitations and extensions, list structure, and mediators in YAF.
-
Indexing Full Packet Capture Data With Flow
January 10, 2011 • Presentation
By Randy Heins (Northrop Grumman)
In this presentation, Randy Heins describes lessons learned in developing a full packet capture system.
-
Leveraging Other Data Sources with Flow to Identify Anomalous Network Behavior
January 10, 2011 • Presentation
By Peter Mullarkey (CA Technologies), Mike Johns (CA Technologies), Ben Haley (CA Technologies)
In this presentation, the authors discuss how to create high-quality events without sacrificing scalability.
-
MATLAB Commands in Numerical Python (NumPy)
January 10, 2011 • Presentation
These slides show the syntax of many MATLAB commands in numerical Python.
-
Network Analysis with SiLK
January 13, 2014 • Presentation
By Ron Bandes
In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.
-
Network Flow Data Analysis Using Graph Pattern Search
January 10, 2011 • Presentation
By Josh Goldfarb (US-CERT)
In this presentation, Josh Goldfarb discusses problems, solutions, and tools related to using graph pattern searches to analyze network flow data.
-
Not to Miss Small-Amount but Important Traffic
January 10, 2011 • Presentation
By Kazunori Kamiya (NTT Corporation)
In this presentation, Kazunori Kamiya discusses using flow data, flow sampling, and flow collectors and analyzers.
-
Privacy Preserving Network Flow Recording
January 10, 2011 • Presentation
By Bilal Shebaro (University of New Mexico), Jedidiah R. Crandall (University of New Mexico)
In this presentation, the authors describe ways to use NetFlow data that preserve privacy.
-
Protographs: Graph-Based Approach to NetFlow Analysis
January 10, 2011 • Presentation
By Jeff Janies
In this presentation, Jeff Janies discusses how social networks can complement existing volumetric analysis.
-
Real Time Topology Based Flow Visualization
January 10, 2011 • Presentation
By John K. Smith
In this presentation, John Smith describes the flow visualization tool his team developed, related issues, and use cases.
-
Security Incident Discovery and Correlation on .Gov Networks
January 10, 2011 • Presentation
By Cory Mazzola (Department of Homeland Security), Timothy Tragesser (Department of Homeland Security)
In this presentation, the authors discuss their work on correlating security incident discovery to .gov networks.
-
The Rayon Visualization Toolkit
January 10, 2011 • Presentation
By Phil Groce
In this presentation, Phil Groce describes Rayon, a Python library and toolset for generating basic two-dimensional statistical visualizations.
-
Using Flow For Other Things Than Network Data
January 10, 2011 • Presentation
By Jeroen Massar (IBM Research Zurich)
In this presentation, Jeroen Massar discusses flow analysis and Anaphera, a high-performance and scalable Flow Analyzer.