John McHugh (RedJack)
Redjack
Publications by John McHugh (RedJack)
-
Flow Storage Revisited: Is It Time to Re-Architect Flow Storage and Processing Systems?
January 12, 2015 • Presentation
John McHugh
In this talk, John presents the results of experiments using a modest data set comprising on the order of a billion flow records.
-
Streaming Analysis: An Alternate Analysis Paradigm
January 13, 2014 • Presentation
John McHugh
In this presentation, John McHugh discusses how streaming analytics relieves the volume of stored data and decreases threat reaction time.
-
Considerations for Scan Detection Using Flow Data
January 07, 2013 • Presentation
John McHugh
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
-
Flow Indexing: Making Queries Go Faster
January 09, 2012 • Presentation
John McHugh
In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.
-
Detecting Long Flows
January 10, 2011 • Presentation
John McHugh
In this presentation, John McHugh discusses a simple and efficient mechanism for identifying persistent connections in internet data.
-
First Experiences with Cuckoo Bags
January 11, 2010 • Presentation
John McHugh, Jeff Janies, Teryl Taylor (FloVis)
In this presentation, Redjack staff describe cuckoo bags, a data structure and tools for maintaining sets indexed by IPv4 and IPv6 addresses in the same structure.
-
Towards Reliable Traffic Classification Using Visual Motifs
January 11, 2010 • Presentation
Wilson Lian (University of North Carolina, Chapel Hill), John McHugh, Fabian Monrose (University of North Carolina, Chapel Hill)
In this presentation, the authors provide an overview of traffic classification, and discuss and evaluate visual motifs.
-
FloVis Summary
January 12, 2009 • Presentation
Stephen Brooks (CA Labs), Carrie Gates, John McHugh
In this presentation, the authors describe their current and planned work on FloVis, an extendable framework for network security visualizations.
-
Security Visualization with FloVis
January 12, 2009 • Presentation
Teryl Taylor (FloVis), Joel Glanfield (CA Labs), Carrie Gates
In this presentation, the authors discuss using FloVis to perform network data analysis.
-
Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags
January 12, 2009 • Presentation
John McHugh, Ulfar Erlingsson (FloVis)
In this presentation, the authors discuss network traffic analysis, tree and hash-based representations, and column-oriented databases.
-
Revisiting the Threshold Random Walk Scan Detector
January 07, 2008 • Presentation
Vagishwari Nagaonkar (Wipro Technologies), John McHugh
In this presentation, the authors discuss Threshold Random Walk, a detection algorithm that identifies malicious remote hosts.
-
Flow Analysis in a Wireless Environment with Short DHCP Leases
January 07, 2008 • Presentation
Sanket Parikh (Dalhousie University), John McHugh
The authors describe the analysis of wireless network data, the use of MAC layer information in netflow tools, and how the tools return converted flow data.
-
The Past and Future of Flow Analysis
October 10, 2006 • Presentation
John McHugh
This keynote presentation was delivered by John McHugh at FloCon 2006.
-
Locality Based Analysis of Network Flows
July 22, 2004 • Presentation
John McHugh, Carrie Gates, Damon Becknel
In this presentation, the authors discuss analyzing network data flows using locality, which involves using past observations to predict future behavior.
-
Sets, Bags, and Rock and Roll? Analyzing Large Data Sets of Network Data
March 24, 2004 • White Paper
John McHugh
In this paper, John McHugh describes problems with monitoring and analyzing traffic on high-speed networks.
-
SEI Independent Research and Development Projects (FY 2003)
September 01, 2003 • Technical Report
Felix Bachmann, Sven Dietrich, Peter H. Feiler
This report describes the IR&D projects that were conducted during fiscal year 2003 (October 2002 through September 2003).
-
Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat
August 18, 2003 • White Paper
John McHugh, Carrie Gates
In this paper, the authors describe how locality appears in many dimensions and applies to diverse mechanisms.
-
Life-Cycle Models for Survivable Systems
October 01, 2002 • Technical Report
Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson, John McHugh
In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
-
Survivable Network Analysis Method
September 01, 2000 • Technical Report
Nancy R. Mead, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory)
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
-
State of the Practice of Intrusion Detection Technologies
January 01, 2000 • Technical Report
Julia H. Allen, Alan M. Christie, William L. Fithen
This report provides an unbiased assessment of publicly available ID technology. The report also outlines relevant issues for the research community as they formulate research directions and allocate funds.