search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

  1. SEI
  2. Publications
  3. Digital Library
  4. Improving Analytics Using Enriched Network Flow Data

Improving Analytics Using Enriched Network Flow Data

April 2023 Webinar
Timothy J. Shimeall, Katherine Prevost

In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.

Publisher:

Software Engineering Institute

Watch

Abstract

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide information about indications of behavior rather than information that accurately identifies behavior with high confidence. In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.

What attendees will learn:

  • trade-offs involved in collecting various levels of detailed network data
  • an example of analysis showing the application of DPI in identifying network behaviors
  • the value of working in data analysis environments, leveraging the power of such processing environments, and the availability of language features and libraries that facilitate analysis

About the Speaker

Timothy J. Shimeall

Timothy J. Shimeall

Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating ...

Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Tim is also an Adjunct Professor at Carnegie Mellon University, with teaching and research interests focused on information survivability. Before joining Carnegie Mellon University, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, California. He taught a variety of topics in software engineering, systems and security and supervised numerous masters and Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.

Read more
Katherine Prevost

Katherine Prevost