FloCon 2004 Collection

These presentations were given at FloCon 2004, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

At the first FloCon in 2004, attendees gave talks on analysis, infrastructure, and data sharing. Topics covered included scanning very large networks, standardization efforts to support data exchange, security at line speed with netflows, and AirCERT.

AirCERT: Building a Framework for Cross-Administrative Domain Data Sharing

July 2004

In this presentation, Roman Danyliw describes AirCERT, a scalable distributed system for sharing security event data among administrative domains.

Analysis of the US-CERT DAC

July 2004

In this presentation, Josh McNutt provides an overview of the data, graphical displays, trends, and anomaly detection of the US-CERT DAC.

Data Sharing: Lessons Learned by the CERT/CC and the CERT/NetSA Groups

July 2004

In this presentation, Roman Danyliw provides an overview of data sharing, and discusses related concerns and observations.

Empirically Based Analysis: The DDoS Case

July 2004

In this keynote presentation, John McHugh explores four themes in thinking about flow analysis.

Detection and Analysis of Scans on Very Large Networks

July 2004

In this presentation, the authors discuss scan detection, scan database, and the analysis of scans.

Flow Data Analysis in SWITCH / ETH Zurich Project DDoSVax

July 2004

In this presentation, Arno Wagner discusses flow data usage by SWITCH, offline analysis examples, traffic amount vs. unique addresses, and analysis tools.

Locality Based Analysis of Network Flows

July 2004

In this presentation, the authors discuss analyzing network data flows using locality, which involves using past observations to predict future behavior.

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich

July 2004

In this presentation, Arno Wagner describes how SWITCH and ETH Zurich capture and process netflow data.

Network Telescopes: The FloCon Files

July 2004

In this presentation, the authors describe CAIDA, a collaboration aimed at promoting cooperation in the engineering and maintenance of internet infrastructure.

Security at Line Speed with NetFlows

July 2004

In this presentation, William Yurcik discusses netflows, instrumentation issues, the data management problem, and NCSA's netflows architecture.

Sharing Intelligence Is Our Best Defense: Incentives That Work versus Disincentives That Can Be Solved

July 2004

In this presentation, the authors describe the use of ISACs to gather, analyze, and share data to combat cybersecurity problems.

Statistical Methods for Flow Data

July 2004

In this presentation, Joseph B. Kadane discusses how Bayesian methods help make the logistic regression approach to scan data stable and operationally feasible.

The State of Standardization Efforts to Support Data Exchange in the Security Domain

July 2004

In this presentation, Roman Danyliw provides an overview of flow and packet formats, alert and event forms, and context-relevant formats.

Wish List

July 2004

In this article, Soumyo D. Moitra describes the data needed to plan network security, particularly related to acquiring and deploying network sensor systems.