FloCon 2010 Collection

These presentations were given at FloCon 2010, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

FloCon 2010 focused on flow data analysis within the context of other data sources. Presentations emphasized techniques for analyzing flow data, integrating flow data with network data sets, and engineering support for flow analysis and integration.

A Case Study - Using Flow to Identify Specific Malware Characteristics

January 2010

In this presentation, US-CERT staff explain how they narrowed a large dataset to a few suspicious IP addresses using SiLK and Perl.

A Temporal Logic For Network Flow Analysis

January 2010

In this presentation, Tim Shimeall discusses temporal logic adaptations of flow analysis and how formalization of time relationships can help improve flow analysis methods.

Abstracting and Visualizing Host Behaviour through Graphs

January 2010

In this presentation, Eduard Glatz describes how graphs can be used to represent host traffic while filtering unwanted traffic.

Beyond the Top Talkers: Empirical Correlation of Conficker-C Infected IP Space

January 2010

In this presentation, Rhiannon Weaver discusses Conficker, a computer worm that targets the Microsoft Windows operating system.

DMnet: Detection Mitigation Network: A Behavioral Analysis System Supporting Trust Measurements

January 2010

In this presentation, given at FloCon 2010, the authors describe DMnet, a distributed botnet detection and mitigation system.

DNS and Flow: Bulk DNS Analysis

January 2010

In this presentation, Ed Stoner explores techniques to analyze DNS traffic and combine that analysis with flow analysis.

First Experiences with Cuckoo Bags

January 2010

In this presentation, Redjack staff describe cuckoo bags, a data structure and tools for maintaining sets indexed by IPv4 and IPv6 addresses in the same structure.

Flow Analysis for Network Situational Awareness

January 2010

In this presentation, given at FloCon in January 2010, Tim Shimeall discusses networks, external events and trends, and network dependencies and analysis.

Flow Data at 10 GigE and Beyond: What Can (or Should) We Do?

January 2010

In this presentation, given at FloCon 2010, Scott Pinkerton discusses approaches to using flow data in large environments.

FloCon 2010 Keynote: Flow Data for Billing and Routing

January 2010

In this presentation, Bill Woodcock describes how flow data can be used for smarter billing, routing optimization, and as a target for analyzing user behavior.

Flow Traffic Analysis Narratives

January 2010

In this presentation, Michael Collins describes the importance of developing narratives that abstractly describe activity between hosts.

Flow Valuations Based on Network-Service Cooperation

January 2010

In this FloCon 2010 presentation, Fraunhofer staff describe autonomic networking and using network-service cooperation to determine which flows to block.

Geography of Internet2 Netflow

January 2010

In this presentation, the authors describe a methodology for determining the geographical movement of information on the Internet2 Network.

High-Throughput Real-Time Network Flow Visualization

January 2010

In this presentation, Daniel Best explains how a high-throughput pipeline and tools, such as Traffic Circle, CLIQUE, and MeDiCi, help analysts spot problems.

Introduction to Argus

January 2010

In this presentation, Carter Bullard introduces and describes Argus, a network utilization audit system.

Introduction to SIE

January 2010

In this presentation, Eric Ziegast describes the Security Information Exchange, a set of organizations dedicated to the globally trusted exchange of information.

IPTV Traffic “Qcast”: IP Multicast Traffic Monitoring System with IPFIX/PSAMP

January 2010

In this presentation, the authors discuss issues related to multicast monitoring and introduce their system called Qcast.

Know Your Network

January 2010

In this presentation, Josh Goldfarb explains an iterative approach to knowing what belongs in your network and what does not.

Lessons Learned While Providing SiLK Training

January 2010

In this presentation, Jim Downey describes the lessons he has learned from training customers in SiLK.

Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement

January 2010

In this presentation, Carter Bullard discusses flow data fusion and how data must meet certain requirements to be useful.

Network Host Classification Using Statistical Analysis of Flow Data

January 2010

In this presentation, given at FloCon 2010, the authors describe how host/IP address profiling based on flow data over time can provide valuable outcomes.

Parallel Processing in Netflow Data Fusion

January 2010

In this presentation, the authors discuss parallel processing to facilitate processing data in very large environments.

Project Bloom: Empowering the Security Research Community Through Data Products and Computing

January 2010

In this presentation, the authors describe Project Bloom, a project that provides quality data and data products to researchers.

Realtime Change Detection & Automatic Network Response

January 2010

In this presentation, the authors describe the use of flow data in change detection and response, including current methods and areas of research.

"SASUKE" Traffic Monitoring Tool Traffic Shift Monitoring Based on Correlation Between BGP Messages and Flow Data

January 2010

In this presentation, the authors describe SASUKE, a tool that detects traffic change and identifies the BGP route announcements involved.

SiLK and the Virtual Training Environment

January 2010

In this presentation, CERT staff members describe SiLK, a collection of traffic analysis tools developed by CERT, and the Virtual Training Environment.

Simply Top Talkers

January 2010

In this presentation, the authors discuss techniques to compute top-k listings for single and composed traffic aspects.

Stager – A Generic Tool for Presenting Network Statistics

January 2010

In this presentation, Arne Oslebo describes Stager, a web-based tool for presenting and aggregating most types of network statistics.

Strip Plots: A Simple Automated Time-Series Visualization

January 2010

In this presentation, Sid Faber describes an approach to a self-maintaining network profile using batch processing, email, quick triage, and intuitive design.

Towards Reliable Traffic Classification Using Visual Motifs

January 2010

In this presentation, the authors provide an overview of traffic classification, and discuss and evaluate visual motifs.

Traffic Analysis Using Streaming Queries

January 2010

In this presentation, Mike Fisk shows how continuous queries provide a common query syntax, infrastructure, and framework for traffic analysis.