FloCon 2010 Collection
These presentations were given at FloCon 2010, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Publisher:
CERT
Subjects
FloCon 2010 focused on flow data analysis within the context of other data sources. Presentations emphasized techniques for analyzing flow data, integrating flow data with network data sets, and engineering support for flow analysis and integration.
A Case Study - Using Flow to Identify Specific Malware Characteristics
January 2010
In this presentation, US-CERT staff explain how they narrowed a large dataset to a few suspicious IP addresses using SiLK and PERL.
A Temporal Logic For Network Flow Analysis
January 2010
In this presentation, Tim Shimeall discusses temporal logic adaptations of flow analysis and how formalization of time relationships can help improve flow analysis methods.
Abstracting and Visualizing Host Behaviour through Graphs
January 2010
In this presentation, Eduard Glatz describes how graphs can be used to represent host traffic while filtering unwanted traffic.
Beyond the Top Talkers: Empirical Correlation of Conficker-C Infected IP Space
January 2010
In this presentation, Rhiannon Weaver discusses Conficker, a computer worm that targets the Microsoft Windows operating system.
DMnet: Detection Mitigation Network: A Behavioral Analysis System Supporting Trust Measurements
January 2010
In this presentation, given at FloCon 2010, the authors describe DMnet, a distributed botnet detection and mitigation system.
DNS and Flow: Bulk DNS Analysis
January 2010
In this presentation, Ed Stoner explores techniques to analyze DNS traffic and combine that analysis with flow analysis.
First Experiences with Cuckoo Bags
January 2010
In this presentation, Redjack staff describe cuckoo bags, data structure and tools for maintaining sets index by IPv4 and IPv6 addresses in the same structure.
Flow Analysis for Network Situational Awareness
January 2010
In this presentation, given at FloCon in January 2010, Tim Shimeall discusses networks, external events and trends, and network dependencies and analysis.
Flow Data at 10 GigE and Beyond: What Can (or Should) We Do?
January 2010
In this presentation, given at FloCon 2010, Scott Pinkerton discusses approaches to using flow data in large environments.
FloCon 2010 Keynote: Flow Data for Billing and Routing
January 2010
In this presentation, Bill Woodcock describes how flow data can be used for smarter billing, routing optimization, and as a target for analyzing user behavior.
Flow Traffic Analysis Narratives
January 2010
In this presentation, Michael Collins describes the importance of developing narratives that abstractly describe activity between hosts.
Flow Valuations Based on Network-Service Cooperation
January 2010
In this FloCon 2010 presentation, Fraunhofer staff describe autonomic networking and using network-service cooperation to determine which flows to block.
Geography of Internet2 Netflow
January 2010
In this presentation, the authors describe a methodology for determining the geographical movement of information on the Internet2 Network.
High-Throughput Real-Time Network Flow Visualization
January 2010
In this presentation, Daniel Best explains how a high-throughput pipeline and tools, such as Traffic Circle, CLIQUE, and MeDiCi, help analysts spot problems.
Introduction to Argus
January 2010
In this presentation, Carter Bullard introduces and describes Argus, a network utilization audit system.
Introduction to SIE
January 2010
In this presentation, Eric Ziegast describes the Security Information Exchange, a set of organizations dedicated to the globally trusted exchange of information.
IPTV Traffic “Qcast”: IP Multicast Traffic Monitoring System with IPFIX/PSAMP
January 2010
In this presentation, the authors discuss issues related to multicast monitoring and introduce their system called Qcast.
Know Your Network
January 2010
In this presentation, Josh Goldfarb explains an iterative approach to knowing what belongs in your network and what does not.
Lessons Learned While Providing SiLK Training
January 2010
In this presentation, Jim Downey describes the lessons he has learned from training customers in SiLK.
Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement
January 2010
In this presentation, Carter Bullard discusses flow data fusion, and how data need to have some requirements to be useful.
Network Host Classification Using Statistical Analysis of Flow Data
January 2010
In this presentation, given at FloCon 2010, the authors describe how host/IP address profiling based on flow data over time can provide valuable outcomes.
Parallel Processing in Netflow Data Fusion
January 2010
In this presentation, the authors discuss parallel processing to facilitate processing data in very large environments.
Project Bloom: Empowering the Security Research Community Through Data Products and Computing
January 2010
In this presentation, the authors describe Project Bloom, a project that provides quality data and data products to researchers.
Realtime Change Detection & Automatic Network Response
January 2010
In this presentation, the authors describe the use of flow data in change detection and response, including current methods and areas of research.
"SASUKE" Traffic Monitoring Tool Traffic Shift Monitoring Based on Correlation Between BGP Messages and Flow Data
January 2010
In this presentation, the authors describe SASUKE, a tool that detects traffic change and identifies the BGP route announcements involved.
SiLK and the Virtual Training Environment
January 2010
In this presentation, CERT staff members describe SiLK, a collection of traffic analysis tools developed by CERT, and the Virtual Training Environment.
Simply Top Talkers
January 2010
In this presentation, the authors discuss techniques to compute top-k listings for single and composed traffic aspects.
Stager – A Generic Tool for Presenting Network Statistics
January 2010
In this presentation, Arne Oslebo describes Stager, a web-based tool for presenting and aggregating most types of network statistics.
Strip Plots: A Simple Automated Time-Series Visualization
January 2010
In this presentation, Sid Faber describes an approach to a self-maintaining network profile using batch processing, email, quick triage, and intuitive design.
Towards Reliable Traffic Classification Using Visual Motifs
January 2010
In this presentation, the authors provide an overview of traffic classification, and discuss and evaluate visual motifs.
Traffic Analysis Using Streaming Queries
January 2010
In this presentation, Mike Fisk shows how continuous queries provide a common query syntax, infrastructure, and framework for traffic analysis.