Software Engineering Institute | Carnegie Mellon University

Collection - Conference Artifacts

FloCon 2010 Collection

  • These presentations were given at FloCon 2010, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
  • Network Situational Awareness
  • Publisher: CERT
  • FloCon 2010 focused on flow data analysis within the context of other data sources. Presentations emphasized techniques for analyzing flow data, integrating flow data with network data sets, and engineering support for flow analysis and integration.

  • A Case Study - Using Flow to Identify Specific Malware Characteristics January 2010 Author(s): Jonathan Taimanglo (Department of Homeland Security), Michael Jacobs (Department of Homeland Security) In this presentation, US-CERT staff explain how they narrowed a large dataset to a few suspicious IP addresses using SiLK and PERL.
  • A Temporal Logic For Network Flow Analysis January 2010 Author(s): Timothy J. Shimeall In this presentation, Tim Shimeall discusses temporal logic adaptations of flow analysis and how formalization of time relationships can help improve flow analysis methods.
  • Abstracting and Visualizing Host Behaviour through Graphs January 2010 Author(s): Eduard Glatz (Computer Engineering and Networks Laboratory) In this presentation, Eduard Glatz describes how graphs can be used to represent host traffic while filtering unwanted traffic.
  • Beyond the Top Talkers: Empirical Correlation of Conficker-C Infected IP Space January 2010 Author(s): Rhiannon Weaver In this presentation, Rhiannon Weaver discusses Conficker, a computer worm that targets the Microsoft Windows operating system.
  • DMnet: Detection Mitigation Network: A Behavioral Analysis System Supporting Trust Measurements January 2010 Author(s): Owen McCusker (Sonalysts), Scott Brunza (Sonalysts), Carrie Gates, Joel Glanfield (CA Labs), Dana Paterson (FloVis) In this presentation, given at FloCon 2010, the authors describe DMnet, a distributed botnet detection and mitigation system.
  • DNS and Flow: Bulk DNS Analysis January 2010 Author(s): Ed Stoner In this presentation, Ed Stoner explores techniques to analyze DNS traffic and combine that analysis with flow analysis.
  • First Experiences with Cuckoo Bags January 2010 Author(s): John McHugh, Jeff Janies, Teryl Taylor (FloVis) In this presentation, Redjack staff describe cuckoo bags, a data structure and tools for maintaining sets indexed by IPv4 and IPv6 addresses in the same structure.
  • Flow Analysis for Network Situational Awareness January 2010 Author(s): Timothy J. Shimeall In this presentation, given at FloCon in January 2010, Tim Shimeall discusses networks, external events and trends, and network dependencies and analysis.
  • Flow Data at 10 GigE and Beyond: What Can (or Should) We Do? January 2010 Author(s): Scott Pinkerton (Argonne National Laboratory) In this presentation, given at FloCon 2010, Scott Pinkerton discusses approaches to using flow data in large environments.
  • FloCon 2010 Keynote: Flow Data for Billing and Routing January 2010 Author(s): Bill Woodcock (Packet Clearing House) In this presentation, Bill Woodcock describes how flow data can be used for smarter billing, routing optimization, and as a target for analyzing user behavior.
  • Flow Traffic Analysis Narratives January 2010 Author(s): Michael Collins In this presentation, Michael Collins describes the importance of developing narratives that abstractly describe activity between hosts.
  • Flow Valuations Based on Network-Service Cooperation January 2010 Author(s): Tanja Zseby (Fraunhofer Fokus), Thomas Hirsch (Fraunhofer Fokus) In this FloCon 2010 presentation, Fraunhofer staff describe autonomic networking and using network-service cooperation to determine which flows to block.
  • Geography of Internet2 Netflow January 2010 Author(s): David A. Ripley (Indiana University Advanced Network Management Laboratory), Tony H. Grubesic (Indiana University), Timothy C. Matisziw (University of Missouri) In this presentation, the authors describe a methodology for determining the geographical movement of information on the Internet2 Network.
  • High-Throughput Real-Time Network Flow Visualization January 2010 Author(s): Daniel Best (Pacific Northwest National Laboratory) In this presentation, Daniel Best explains how a high-throughput pipeline and tools, such as Traffic Circle, CLIQUE, and MeDiCi, help analysts spot problems.
  • Introduction to Argus January 2010 Author(s): Carter Bullard (QuSient LLC) In this presentation, Carter Bullard introduces and describes Argus, a network utilization audit system.
  • Introduction to SIE January 2010 Author(s): Eric Ziegast (Internet Systems Consortium) In this presentation, Eric Ziegast describes the Security Information Exchange, a set of organizations dedicated to the globally trusted exchange of information.
  • IPTV Traffic “Qcast”: IP Multicast Traffic Monitoring System with IPFIX/PSAMP January 2010 Author(s): Shingo Kashima (NTT Corporation), Atsushi Kobayashi (NTT Corporation) In this presentation, the authors discuss issues related to multicast monitoring and introduce their system called Qcast.
  • Know Your Network January 2010 Author(s): Josh Goldfarb (MITS Cybersecurity) In this presentation, Josh Goldfarb explains an iterative approach to knowing what belongs in your network and what does not.
  • Lessons Learned While Providing SiLK Training January 2010 Author(s): Jim Downey (Defense Information Systems Agency) In this presentation, Jim Downey describes the lessons he has learned from training customers in SiLK.
  • Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement January 2010 Author(s): Carter Bullard (QuSient LLC) In this presentation, Carter Bullard discusses flow data fusion and the requirements data must meet to be useful.
  • Network Host Classification Using Statistical Analysis of Flow Data January 2010 Author(s): Alex Kent (Los Alamos National Laboratory), Mike Fisk (Los Alamos National Laboratory), Eugene Gavrilov (Los Alamos National Laboratory) In this presentation, given at FloCon 2010, the authors describe how host/IP address profiling based on flow data over time can provide valuable outcomes.
  • Parallel Processing in Netflow Data Fusion January 2010 Author(s): George Saylor (G2, Inc.), Michael Rash (G2, Inc.) In this presentation, the authors discuss parallel processing to facilitate processing data in very large environments.
  • Project Bloom: Empowering the Security Research Community Through Data Products and Computing January 2010 Author(s): Minaxi Gupta (Indiana University, Bloomington), Gregory Travis (Indiana University, Bloomington), Doug D. Pearson (Indiana University, Bloomington) In this presentation, the authors describe Project Bloom, a project that provides quality data and data products to researchers.
  • Realtime Change Detection & Automatic Network Response January 2010 Author(s): Alex Brugh (Los Alamos National Laboratory), Mike Fisk (Los Alamos National Laboratory), Josh Neil (Los Alamos National Laboratory), Paul Ferrell (Los Alamos National Laboratory), Scott Miller (Los Alamos National Laboratory), Danny Quist (Los Alamos National Laboratory) In this presentation, the authors describe the use of flow data in change detection and response, including current methods and areas of research.
  • "SASUKE" Traffic Monitoring Tool Traffic Shift Monitoring Based on Correlation Between BGP Messages and Flow Data January 2010 Author(s): Atsushi Kobayashi (NTT Corporation), Yutaka Hirokawa (NTT Information Sharing Laboratories), Hiroshi Kurakami (NTT Corporation) In this presentation, the authors describe SASUKE, a tool that detects traffic change and identifies the BGP route announcements involved.
  • SiLK and the Virtual Training Environment January 2010 Author(s): George Warnagiris In this presentation, CERT staff members describe SiLK, a collection of traffic analysis tools developed by CERT, and the Virtual Training Environment.
  • Simply Top Talkers January 2010 Author(s): Jeroen Massar (IBM Research Zurich), Andreas Kind (Zurich Research Laboratory), Marc P. Stoecklin (Zurich Research Laboratory) In this presentation, the authors discuss techniques to compute top-k listings for single and composed traffic aspects.
  • Stager – A Generic Tool for Presenting Network Statistics January 2010 Author(s): Arne Oslebo (Uninett) In this presentation, Arne Oslebo describes Stager, a web-based tool for presenting and aggregating most types of network statistics.
  • Strip Plots: A Simple Automated Time-Series Visualization January 2010 Author(s): Sid Faber In this presentation, Sid Faber describes an approach to a self-maintaining network profile using batch processing, email, quick triage, and intuitive design.
  • Towards Reliable Traffic Classification Using Visual Motifs January 2010 Author(s): Wilson Lian (University of North Carolina, Chapel Hill), John McHugh, Fabian Monrose (University of North Carolina, Chapel Hill) In this presentation, the authors provide an overview of traffic classification, and discuss and evaluate visual motifs.
  • Traffic Analysis Using Streaming Queries January 2010 Author(s): Mike Fisk (Los Alamos National Laboratory) In this presentation, Mike Fisk shows how continuous queries provide a common query syntax, infrastructure, and framework for traffic analysis.