FloCon 2006 Collection
These presentations were given at FloCon 2006, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
This FloCon conference included 12 papers and 13 presentations given by experts in the field of flow analysis. Discussions covered topics such as flow processing, flow measurement, network traffic, and analysis methods.
Collection Contents
- A Case for Packet Sampling
October 10, 2006 • Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby advises how and when to use sampling.
- A System Architecture for Processing Flows
October 9, 2006 • Presentation
By Raj Srinivasan (Bivio Networks)
In this presentation, Raj Srinivasan proposes a clustering architecture and demonstrates its implementation for commercial applications.
- A Traffic Analysis of a Small Private Network Compromised by an Online Gaming Host (White Paper)
October 10, 2006 • White Paper
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this paper, Ron McLeod describes a network traffic capture and analysis used to investigate network performance issues of a small private network.
- A Traffic Analysis of a Small Private Network Compromised by an Online Gaming Host (Presentation)
October 10, 2006 • Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance)
In this presentation, Ron McLeod describes the results of an analysis to investigate performance issues on a small private network.
- Analysis Methods Discussion
October 2, 2006 • Presentation
In this presentation, conference attendees discuss high-level issues addressed at FloCon 2006.
- Anomaly Detection Through Blind Flow Analysis Inside a Local Network (White Paper)
October 2, 2006 • White Paper
By Ron McLeod (Corporate Development Telecom Applications Research Alliance), Vagishwari Nagaonkar (Wipro Technologies)
In this paper, the authors describe how hosts may be clustered into user workstations, servers, printers, and hosts compromised by worms.
- Anomaly Detection Through Blind Flow Analysis Inside a Local Network (Presentation)
October 10, 2006 • Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance), Vagishwari Nagaonkar (Wipro Technologies)
In this presentation, the authors describe how hosts may be clustered into user workstations, servers, printers, and hosts compromised by worms.
- Anomaly Sampling (Bringing Diversity to Network Security)
October 2, 2006 • Presentation
By David Moore (Cooperative Association for Internet Data Analysis (CAIDA))
This presentation was given at FloCon 2006, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
- Anomaly-Based BotServer (and more!) Detection
October 10, 2006 • Presentation
By James R. Binkley (Portland State University)
In this presentation, Jim Binkley discusses experimental flow tuples, and botnet server and client mesh detection.
- Attribution and Aggregation of Network Flows for Security Analysis (White Paper)
October 10, 2006 • White Paper
By Annarita Giani (UC Berkeley), IanGregorioDe Souza (Dartmouth College), Vincent Berk (Dartmouth College), George Cybenko (Dartmouth College)
In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.
- Attribution and Aggregation of Network Flows for Security Analysis (Presentation)
October 10, 2006 • Presentation
By Annarita Giani (UC Berkeley), IanGregorioDe Souza (Dartmouth College), Vincent Berk (Dartmouth College), George Cybenko (Dartmouth College)
In this paper, the authors describe a network flow analyzer capable of attribution and aggregation of different flows to identify suspicious behaviors.
- Bidirectional Flow Measurement, IPFIX, and Security Analysis
October 10, 2006 • Presentation
By Elisa Boschi (Hitachi), Brian Trammell
In this presentation, the authors describe the importance of bi-flow information and explain how IPFIX can be used most effectively.
- Identifying Anomalous Network Traffic Through the Use of Client Port Distribution
October 10, 2006 • White Paper
By Josh Goldfarb (US-CERT)
In this paper, Josh Goldfarb introduces an approach to IP flow analysis that examines server ports and client ports that exchange flows with them.
- Impact of Packet Sampling on Anomaly Detection Metrics
October 10, 2006 • Presentation
By Daniela Brauckhoff (Swiss Federal Institute of Technology (ETH)), Bernhard Tellenbach (Swiss Federal Institute of Technology (ETH)), Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Anukool Lakhina (Boston University), Martin May (Swiss Federal Institute of Technology (ETH))
In this presentation, the authors discuss their evaluation of the impact of sampling on anomaly detection metrics.
- IPFIX/PSAMP: What Future Standards Can Offer to Network Security (White Paper)
October 10, 2006 • White Paper
By Tanja Zseby (Fraunhofer Fokus), Elisa Boschi (Hitachi), Thomas Hirsch (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus)
In this paper, the authors show how IPFIX and PSAMP can be used to support network security.
- IPFIX/PSAMP: What Future Standards Can Offer to Network Security (Presentation)
October 10, 2006 • Presentation
By Tanja Zseby (Fraunhofer Fokus), Elisa Boschi (Hitachi), Thomas Hirsch (Fraunhofer Fokus), Mark Lutz (Fraunhofer Fokus)
In this presentation, the authors describe exporting packet information with IPFIX.
- RAVE: The Retrospective Analysis and Visualization Engine
October 10, 2006 • White Paper
By Phil Groce, John Prevost
In this paper, the authors present RAVE as an analysis service provider.
- Scalable Flow Analysis (White Paper)
October 10, 2006 • White Paper
By Abhishek Kumar (University of Maryland), Sapan Bhatia (Princeton)
In this paper, the authors present a new approach for summarization and analysis of flow records.
- Scalable Flow Analysis (Presentation)
October 10, 2006 • Presentation
By Abhishek Kumar (University of Maryland), Sapan Bhatia (Princeton)
In this presentation, the authors describe a comprehensive architecture and taxonomy for flow collection and analysis.
- System Requirements for Flow Processing
October 10, 2006 • White Paper
By Raj Srinivasan (Bivio Networks)
In this paper, Raj Srinivasan proposes an architecture that meets security requirements and is flexible enough to support future application needs.
- The Effect of Packet Sampling on Anomaly Detection
October 10, 2006 • White Paper
By Daniela Brauckhoff (Swiss Federal Institute of Technology (ETH)), Bernhard Tellenbach (Swiss Federal Institute of Technology (ETH)), Arno Wagner (Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)), Anukool Lakhina (Boston University), Martin May (Swiss Federal Institute of Technology (ETH))
In this paper, the authors empirically evaluate the impact of sampling on anomaly detection.
- The Past and Future of Flow Analysis
October 10, 2006 • Presentation
By John McHugh
This keynote presentation was delivered by John McHugh at FloCon 2006.