FloCon 2004 Collection
These presentations were given at FloCon 2004, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
At the first FloCon in 2004, attendees gave talks on analysis, infrastructure, and data sharing. Topics covered included scanning very large networks, standardization efforts to support data exchange, security at line speed with netflows, and AirCERT.
Collection Contents
- AirCERT: Building a Framework for Cross-Administrative Domain Data Sharing
July 22, 2004 • Presentation
By Roman Danyliw
In this presentation, Roman Danyliw describes AirCERT, a scalable distributed system for sharing security event data among administrative domains.
- Analysis of the US-CERT DAC
July 22, 2004 • Presentation
By Josh McNutt
In this presentation, Josh McNutt provides an overview of the data, graphical displays, trends, and anomaly detection of the US-CERT DAC.
- Data Sharing: Lessons Learned by the CERT/CC and the CERT/NetSA Groups
July 22, 2004 • Presentation
By Roman Danyliw
In this presentation, Roman Danyliw provides an overview of data sharing, and discusses related concerns and observations.
- Empirically Based Analysis: The DDoS Case
July 22, 2004 • Presentation
By Michael Collins
In this keynote presentation, John McHugh explores four themes in thinking about flow analysis.
- Detection and Analysis of Scans on Very Large Networks
July 22, 2004 • Presentation
By Marc I. Kellner, Carrie Gates
In this presentation, the authors discuss scan detection, scan database, and the analysis of scans.
- Flow Data Analysis in SWITCH / ETH Zurich Project DDoSVax
July 22, 2004 • Presentation
By Arno Wagner (Communication Systems Laboratory, Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this presentation, Arno Wagner discusses flow data usage by SWITCH, offline analysis examples, traffic amount vs. unique addresses, and analysis tools.
- Locality Based Analysis of Network Flows
July 22, 2004 • Presentation
By John McHugh, Carrie Gates, Damon Becknel
In this presentation, the authors discuss analyzing network data flows using locality, which involves using past observations to predict future behavior.
- NetFlow Data Capturing and Processing at SWITCH and ETH Zurich
July 22, 2004 • Presentation
By Arno Wagner (Communication Systems Laboratory, Swiss Federal Institute of Technology Zurich (ETH Zurich))
In this presentation, Arno Wagner describes how SWITCH and ETH Zurich capture and process netflow data.
- Network Telescopes: The FloCon Files
July 22, 2004 • Presentation
By David Moore (Cooperative Association for Internet Data Analysis (CAIDA)), Colleen Shannon (Cooperative Association for Internet Data Analysis (CAIDA))
In this presentation, the authors describe CAIDA, a collaboration aimed at promoting cooperation in the engineering and maintenance of internet infrastructure.
- Security at Line Speed with NetFlows
July 22, 2004 • Presentation
By William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, William Yurcik discusses netflows, instrumentation issues, the data management problem, and NCSA's netflows architecture.
- Sharing Intelligence Is Our Best Defense: Incentives That Work versus Disincentives That Can Be Solved
July 22, 2004 • Presentation
By William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Jun Wang (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign)
In this presentation, the authors describe the use of ISACs to gather, analyze, and share data to combat cybersecurity problems.
- Statistical Methods for Flow Data
July 22, 2004 • White Paper
By Joseph B. Kadane (Department of Statistics, Carnegie Mellon University)
In this presentation, Joseph B. Kadane discusses how Bayesian methods help make the logistic regression approach to scan data stable and operationally feasible.
- The State of Standardization Efforts to Support Data Exchange in the Security Domain
July 22, 2004 • Presentation
By Roman Danyliw
In this presentation, Roman Danyliw provides an overview of flow and packet formats, alert and event forms, and context-relevant formats.
- Wish List
July 22, 2004 • Presentation
By Thomas A. Longstaff
In this article, Soumyo D. Moitra describes the data needed to plan network security, particularly related to acquiring and deploying network sensor systems.