Publications & Links

Argus has been used in a large number of network and cyber security research publications, dissertations, theses, books, presentations and blogs. We're proud that we could support so much research and development in computer networking, cyber security, machine learning, and general science with our work.

Maintaining a complete list has been non-trivial, and the list below is the result of keyword web searches, primarily looking at the Google, and the ACM Library for articles since 2010. If you do not see a research paper, dissertaion, book, presentation, reference that you wrote, or you liked, please send us a pointer. Also, if you find that a link on this page is stale, please send us a note to This email address is being protected from spambots. You need JavaScript enabled to view it..

Research Articles

Fan Zhang, J. Wesley Hines & Jamie B. Coble (2019) A Robust Cybersecurity Solution Platform Architecture for Digital Instrumentation and Control Systems in Nuclear Power Facilities, Nuclear Technology, DOI: 10.1080/00295450.2019.1666599
Pektaş, A, Acarman, T. A deep learning method to detect network intrusion through flow‐based features. Int J Network Mgmt. 2019; 29:e2050. https://doi.org/10.1002/nem.2050
Andreoni Lopez, M, Mattos, DMF, Duarte, OCMB, Pujolle, G. Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data. Concurrency Computat Pract Exper. 2019; 31:e5344. https://doi.org/10.1002/cpe.5344
D. Zhuang and J. M. Chang, "Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis," in IEEE Transactions on Information Forensics and Security, vol. 14, no. 6, pp. 1485-1500, June 2019. doi: 10.1109/TIFS.2018.2881657
Osama Faker and Erdogan Dogdu. 2019. Intrusion Detection Using Big Data and Deep Learning Techniques. In Proceedings of the 2019 ACM Southeast Conference (ACM SE '19). ACM, New York, NY, USA, 86-93. DOI: https://doi.org/10.1145/3299815.3314439
X. Wu, T. Miskell, Y. Luo, L. Wang and L. Chen, "Edison: Event-driven Distributed System of Network Measurement," 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Arlington, VA, USA, 2019, pp. 545-550.
Stephanie Ding. 2018. Machine Learning for Cybersecurity: Network-based Botnet Detection Using Time-Limited Flows. Caltech Undergraduate Research Journal, July, 2018.
Homayoun S., Ahmadzadeh M., Hashemi S., Dehghantanha A., Khayami R. (2018) BoTShark: A Deep Learning Approach for Botnet Traffic Detection. In: Dehghantanha A., Conti M., Dargahi T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham
Atli, B.G., Miche, Y., Kalliola, A. et al. Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space, Cognitive Computing (2018) 10: 848. https://doi.org/10.1007/s12559-018-9564-y.
Pektaş, A, Acarman, T. Botnet detection based on network flow summary and deep learning. Int J Network Mgmt. 2018; 28:e2039. https://doi.org/10.1002/nem.2039
Sean Peisert, Eli Dart, William Barnett, Edward Balas, James Cuff, Robert L Grossman, Ari Berman, Anurag Shankar, Brian Tierney. 2018. The medical science DMZ: a network design pattern for data-intensive medical science. Journal of the American Medical Informatics Association, Volume 25, Issue 3, March 2018, Pages 267–274, https://doi.org/10.1093/jamia/ocx104
Nascimento, Zuleika and Djamel Fawzi Hadj Sadok. “MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy.” Information 9 (2018): 233.
Meghdouri, Fares, Tanja Zseby and Félix Iglesias. “Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic.” (2018).
B. G. Atli, Y. Miche and A. Jung, "Network Intrusion Detection Using Flow Statistics," 2018 IEEE Statistical Signal Processing Workshop (SSP), Freiburg, 2018, pp. 70-74. doi: 10.1109/SSP.2018.8450709
Y. Wan, J. Chang, R. Chen and S. Wang, "Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis," 2018 3rd International Conference on Computer and Communication Systems (ICCCS), Nagoya, 2018, pp. 85-88. doi: 10.1109/CCOMS.2018.8463300
M. J. Vargas-Muñoz, R. Martínez-Peláez, P. Velarde-Alvarado, E. Moreno-García, D. L. Torres-Roman and J. J. Ceballos-Mejía, "Classification of network anomalies in flow level network traffic using Bayesian networks," 2018 International Conference on Electronics, Communications and Computers (CONIELECOMP), Cholula, 2018, pp. 238-243. doi: 10.1109/CONIELECOMP.2018.8327205
Chowdhury, S., Khanzadeh, M., Akula, R. et al. Botnet detection using graph-based feature clustering. Journal of Big Data (2017) 4: 14. https://doi.org/10.1186/s40537-017-0074-7
Cho B., Kim K.J., Kim H. (2018) The Isolation Algorithm of Problem Location with Multi-agent Approach for End-to-End Network Performance Management. In: Kim K., Joukov N. (eds) Mobile and Wireless Technologies 2017. ICMWT 2017. Lecture Notes in Electrical Engineering, vol 425. Springer, Singapore
Bhuyan M.H., Bhattacharyya D.K., Kalita J.K. (2017) Practical Tools for Attackers and Defenders. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-65188-0_6
Ankit Bansal and Sudipta Mahapatra. 2017. A comparative analysis of machine learning techniques for botnet detection. In Proceedings of the 10th International Conference on Security of Information and Networks (SIN '17). ACM, New York, NY, USA, 91-98. DOI: https://doi.org/10.1145/3136825.3136874
Luis Miguel Torres, Eduardo Magaña, Daniel Morató, Santiago Garcia-Jimenez, Mikel Izal, TBDClust: Time-based density clustering to enable free browsing of sites in pay-per-use mobile Internet providers. Journal of Network and Computer Applications Volume 99, 1 December 2017, Pages 17-27. ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2017.10.007
F. Haddadi, D. Phan and A. N. Zincir-Heywood, "How to choose from different botnet detection systems?," NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, 2016, pp. 1079-1084. doi: 10.1109/NOMS.2016.7502964
Christopher R. Harshaw, Robert A. Bridges, Michael D. Iannacone, Joel W. Reed, and John R. Goodall. 2016. GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection. In Proceedings of the 11th Annual Cyber and Information Security Research Conference (CISRC '16). ACM, New York, NY, USA, Article 15, 4 pages. DOI: https://doi.org/10.1145/2897795.2897806
Sebasitan Garcia. 2016. Modelling the network behaviour of malware to block malicious patterns. The Stratosphere Project: A Behavioural IPS. Virus Bulletin, Sept 2015.
Nour Moustafa and Jill Slay. 2016. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Sec. J.: A Global Perspective 25, 1-3 (April 2016), 18-31. DOI: http://dx.doi.org/10.1080/19393555.2015.1125974
Kayla M. Straub, Avik Sengupta, Joseph M. Ernst, Robert W. McGwier, Merrick Watchorn, Richard Tilley, and Randolph Marchany. 2016. Malware Propagation in Fully Connected Networks: A Netflow-Based Analysis. MILCOM 2016 - 2016 IEEE Military Communications Conference, Baltimore, MD, 2016, pp. 497-502. doi: 10.1109/MILCOM.2016.7795376.
Buseung Cho, Kyuil Kim, Hyungwoo Park and Jin-Wook Chung. Oct 2015. Network Flow Awareness System for E-Science Collaborative Application. Indian Journal of Science and Technology, Vol 8(26), DOI: 10.17485/ijst/2015/v8i26/81060.
H. Lim, Y. Yamaguchi, H. Shimada and H. Takakura, "Malware classification method based on sequence of traffic flow," 2015 International Conference on Information Systems Security and Privacy (ICISSP), Angers, 2015, pp. 1-8.
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Toward Automated MAC Spoofer Investigations. In Proceedings of the 2014 International C* Conference on Computer Science; Software Engineering (C3S2E '14). ACM, New York, NY, USA, , Article 27 , 6 pages. DOI=10.1145/2641483.2641540 http://doi.acm.org/10.1145/2641483.2641540
N. Hoque, Monowar H. Bhuyan, R.C. Baishya, D.K. Bhattacharyya, J.K. Kalita, Network attacks: Taxonomy, tools and systems, Journal of Network and Computer Applications, Volume 40, 2014, Pages 307-324, ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2013.08.001.
S. García, M. Grill, J. Stiborek, and A. Zunino. 2014. An empirical comparison of botnet detection methods. Comput. Secur. 45 (September 2014), 100-123. DOI=10.1016/j.cose.2014.05.011 http://dx.doi.org/10.1016/j.cose.2014.05.011
Pratik Narang, Abhishek Thakur, and Chittaranjan Hota. 2014. Hades: a Hadoop-based framework for detection of peer-to-peer botnets. In Proceedings of the 20th International Conference on Management of Data (COMAD '14). Computer Society of India, Mumbai, India, India, 121-124.
N. Hoque, Monowar H. Bhuyan, R. C. Baishya, D. K. Bhattacharyya, and J. K. Kalita. 2014. Review: Network attacks: Taxonomy, tools and systems. J. Netw. Comput. Appl. 40 (April 2014), 307-324. DOI=10.1016/j.jnca.2013.08.001 http://dx.doi.org/10.1016/j.jnca.2013.08.001
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Toward Automated MAC Spoofer Investigations. In Proceedings of the 2014 International C* Conference on Computer Science & Software Engineering (C3S2E '14). ACM, New York, NY, USA, Article 27, 6 pages. DOI: https://doi.org/10.1145/2641483.2641540
García, S. , Zunino, A. and Campo, M. (2014), Survey on network‐based botnet detection methods. Security Comm. Networks, 7: 878-903. doi:10.1002/sec.800
Skrzewski M. (2013) Monitoring System’s Network Activity for Rootkit Malware Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg
Jin, Hongying & Li, Linhao. (2013). Dynamic Network Traffic Flow Prediction Model based on Modified Quantum-Behaved Particle Swarm Optimization. Journal of Networks. 8. 2332-2339. 10.4304/jnw.8.10.2332-2339.
Mansour Alsaleh, Abdullah Alqahtani, Abdulrahman Alarifi, and AbdulMalik Al-Salman. 2013. Visualizing PHPIDS log files for better understanding of web server attacks. In Proceedings of the Tenth Workshop on Visualization for Cyber Security (VizSec '13), John Goodall, Kwan-Liu Ma, Sophie Engle, and Fabian Fischer (Eds.). ACM, New York, NY, USA, 1-8. DOI=10.1145/2517957.2517958 http://doi.acm.org/10.1145/2517957.2517958
P. Celeda, P. Velan, M. Rabek, R. Hofstede, and A. Pras, Large-scale geolocation for NetFlow. Proceedings of IM. 2013, 1015-1020.
Nichole Boscia. 2012. Flow Analysis Tool Whitepaper. https://www.nas.nasa.gov/assets/pdf/papers/boscia_n_flow_analysis_tools_2012.pdf
R. Hunt, "New developments in network forensics — Tools and techniques," 2012 18th IEEE International Conference on Networks (ICON), Singapore, 2012, pp. 376-381. doi: 10.1109/ICON.2012.6506587
Amit Kumar Tyagi and Sadique Nayeem. Article: Detecting HTTP Botnet using Artificial Immune System (AIS). International Journal of Applied Information Systems 2(6):34-37, May 2012. Published by Foundation of Computer Science, New York, USA.
H. Li, G. Hu, J. Yuan and H. Lai, "P2P Botnet Detection Based on Irregular Phased Similarity," 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication and Control, Harbin, 2012, pp. 79-82. doi: 10.1109/IMCCC.2012.25
Yeonhee Lee and Youngseok Lee. 2012. Toward scalable internet traffic measurement and analysis with Hadoop. SIGCOMM Comput. Commun. Rev. 43, 1 (January 2012), 5-13. DOI=10.1145/2427036.2427038 http://doi.acm.org/10.1145/2427036.2427038
Rodrigo M. P. Silva and Ronaldo M. Salles. 2012. Methodology for detection and restraint of p2p applications in the network. In Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV (ICCSA'12), Beniamino Murgante, Osvaldo Gervasi, Sanjay Misra, Nadia Nedjah, and Ana C. Rocha (Eds.), Vol. Part IV. Springer-Verlag, Berlin, Heidelberg, 326-339. DOI=10.1007/978-3-642-31128-4_24 http://dx.doi.org/10.1007/978-3-642-31128-4_24
Monowar H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Surveying Port Scans and Their Detection Methodologies, The Computer Journal, Volume 54, Issue 10, October 2011, Pages 1565–1581, https://doi.org/10.1093/comjnl/bxr035
Skrzewski M. (2011) Analyzing Outbound Network Traffic. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Michael J. Assels, Dana Echtner, Michael Spanner, Serguei A. Mokhov, François Carrière, and Manny Taveroff. 2011. Multifaceted faculty network design and management: practice and experience. In Proceedings of The Fourth International C* Conference on Computer Science and Software Engineering (C3S2E '11). ACM, New York, NY, USA, 151-155. DOI=10.1145/1992896.1992916 http://doi.acm.org/10.1145/1992896.1992916
Saptarshi Guha, Paul Kidwell, Asgrith Barthur, William S Cleveland, John Gerth, and Carter Bullard. 2011. SSH Keystroke Packet Detection, ICS-2011—Monterey, California, Jan 9-11.
Skrzewski M. (2011) Flow Based Algorithm for Malware Traffic Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Apeksha Godiyal, Michael Garland, John C. Hart. 2010. Enhancing Network Traffic Visualization by Graph Pattern Analysis.
Robin Berthier, Michel Cukier, Matti Hiltunen, Dave Kormann, Gregg Vesonder, and Dan Sheleheda. 2010. Nfsight: netflow-based network awareness tool. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-8.
Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani, Saman Shojae Chaeikar. 2010. A Proposed Framework for P2P Botnet Detection. IACSIT International Journal of Engineering and Technology, Vol.2, No.2, April 2010 ISSN: 1793-8236.
Emmanuel S. Pilli, R. C. Joshi, and Rajdeep Niyogi. 2010. Network forensic frameworks: Survey and research challenges. Digit. Investig. 7, 1-2 (October 2010), 14-27. DOI=10.1016/j.diin.2010.02.003 http://dx.doi.org/10.1016/j.diin.2010.02.003
Christopher M. Inacio and Brian Trammell. 2010. YAF: yet another flowmeter. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-16.
2010. Proceedings of the Seventh International Symposium on Visualization for Cyber Security. ACM, New York, NY, USA.
Lin Quan and John Heidemann. 2010. On the characteristics and reasons of long-lived internet flows. In Proceedings of the 10th Annual Conference on Internet Measurement (IMC '10). ACM, New York, NY, USA, 444-450. [doi=10.1145/1879141.1879198]
Mohammed Sqalli, Raed AlShaikh, and Ezzat Ahmed. 2010. A distributed honeynet at KFUPM: a case study. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10), Somesh Jha, Robin Sommer, and Christian Kreibich (Eds.). Springer-Verlag, Berlin, Heidelberg, 486-487.
Pavel Minarik, Jan Vykopal, and Vojtech Krmicek. 2009. Improving Host Profiling with Bidirectional Flows. In Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03 (CSE '09), Vol. 3. IEEE Computer Society, Washington, DC, USA, 231-237. [doi=10.1109/CSE.2009.23]
Cristian Morariu, Peter Racz, and Burkhard Stiller. 2009. Design and Implementation of a Distributed Platform for Sharing IP Flow Records. In Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT (DSOM '09), Claudio Bartolini and Luciano Paschoal Gaspary (Eds.). Springer-Verlag, Berlin, Heidelberg, 1-14. [doi=10.1007/978-3-642-04989-7_1]
H. Okamura, T. Dohi, K. S. Trivedi, Markovian Arrival Process Parameter Estimation With Group Data, IEEE/ACM Transactions on Networking (TON) Vol 17, Issue 4, p.1326-1339, August , 2009, Piscataway, NJ, USA [doi>10.1109/TNET.2008.2008750]
T. Yen, X. Huang, F. Monrose, M. Reiter, Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications, Detection of Intrusions and Malware, and Vulnerability Assessment 6th International Conference, DIMVA 2009, Como, Italy, July 9-10, 2009. Proceedings [doi>10.1007/978-3-642-02918-9]
S. Lin, Z. Gao, K. Xu, Web 2.0 traffic measurement: analysis on online map applications, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, p.7-12, June 03 - 05, 2009, Williamsburg, VA, USA [doi>10.1145/1542245.1542248]
S. Tricaud, P. Saadé, Applied Parallel Coordinates for Logs and Network Traffic Attack Analysis, European Institute for Computer Anti-Virus Research (EICAR) 18th Annual Conference, May 11 - 12, 2009, Berlin, Germany [pdf]
G. Louthan, B. Deetz, M. Walker, J. Hale, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Session: Track 8, Article No. 67, Apr 13 - 15, 2009, Oak Ridge, Tennessee, USA [doi>10.1145/1558607.1558684]
G. Vandenberghe, Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events, Proceedings of the 5th International Workshop on Visualization for Computer Security, VizSec 2008, p. 181-196, September 15, 2008, Cambridge, MA, USA [doi>10.1007/978-3-540-85933-8_18]
Rodrigo Werlinger , Kirstie Hawkey , Kasia Muldner , Pooya Jaferian , Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania [doi>10.1145/1408664.1408679]
Guofei Gu , Roberto Perdisci , Junjie Zhang , Wenke Lee, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection, Proceedings of the 17th conference on Security symposium, p.139-154, July 28-August 01, 2008, San Jose, CA
T-F Yen and M. K. Reiter, Traffic aggregation for malware detection, In Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008 (Lecture Notes in Computer Science 5137), pages 207-227, July 10-11 2008, Paris, France [doi:10.1007/978-3-540-70542-0_11]
Mansour Alsaleh, David Barrera, and P. C. van Oorschot. 2008. Improving Security Visualization with Exposure Map Filtering. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC '08). IEEE Computer Society, Washington, DC, USA, 205-214. DOI=10.1109/ACSAC.2008.16 http://dx.doi.org/10.1109/ACSAC.2008.16
G. Nychis, V. Sekar, D Andersen, H Kim, H Zhang, An empirical evaluation of entropy-based traffic anomaly detection, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, p 151-156, October 20-22, 2008, Vouliagmeni, Greece
Kiran Lakkaraju , Adam Slagell, Evaluating the utility of anonymized network traces for intrusion detection, Proceedings of the 4th international conference on Security and privacy in communication networks, September 22-25, 2008, Istanbul, Turkey [doi>10.1145/1460877.1460899]
L. Merkle, Automated Network Forensics, Proceedings of the 2008 GECCO Conference Companion on Genetic and Evolutionary Computation, p.1929-1932, 2008, Atlanta, GA, USA.
M. Ekmanis, V Novikovs, A Rusko, Unauthorized Network Services Detection by Flow Analysis, Electronics and Electrical Engineering. – Kaunas: Technologija, No. 5(85), p.49-56, 2008.
J. Naous, D. Ericson, A. Covington, G Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, Symposium On Architecture For Networking And Communications Systems, p.1-9, 2008, San Jose, CA
Doantam Phan, John Gerth, Marcia Lee, Andreas Paepcke, and Terry Winograd, Visual Analysis of Network Flow Data with Timelines and Event Plots, VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security, 2007 [doi>10.1007/978-3-540-78243-8_6]
Christoforos Kachris, Chidamber Kulkarni, Configurable Transactional Memory, Field-Programmable Custom Computing Machines, 2007. FCCM 2007. 15th Annual IEEE Symposium on, Page(s):65 - 72, April 2007 Napa, Ca, USA. [doi>10.1109/FCCM.2007.41]
David Botta , Rodrigo Werlinger , André Gagné , Konstantin Beznosov , Lee Iverson , Sidney Fels , Brian Fisher, Towards understanding IT security professionals and their tools, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280693]
H. Okamura, Y. Kamahara, T. Dohi, Estimating Markov-modulated compound Poisson processes, Proceedings of the 2nd international conference on Performance evaluation methodologies and tools, Article 28, October 22-27, 2007, Nantes, France.
M. Masuya, t Yamanoue, S. Kubota, An experience of monitoring university network security using a commercial service and DIY monitoring, Proceedings of the 34th annual ACM SIGUCCS conference on User services, p.225-230, November 5-8, 2006, Edmonton, Alberta, Canada [doi>10.1145/1181216.1181267]
A. Ferro, I Delgado, A Munoz, F Liberal, An analytical model for loss estimation in network traffic analysis systems, Journal of Computer and System Sciences, Vol. 72, Issue 7, November 2006 [doi>10.1016/j.jcss.2005.12.004]
L. Xiao, J. Gerth, P. Hanrahan, Enhancing Visual Analysis of Network Traffic Using a Knowledge Representation, Visual Analytics Science And Technology, 2006 IEEE Symposium On, p 107-114, Oct 31 - Nov 2, 2006, Baltimore, MD, USA [doi>10.1109/VAST.2006.261436]
Javier Verdú , Jorge Garcí , Mario Nemirovsky , Mateo Valero, Architectural impact of stateful networking applications, Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA [doi>10.1145/1095890.1095893]
William Yurcik, Visualizing NetFlows for security at line speed: the SIFT tool suite, Proceedings of the 19th conference on Large Installation System Administration Conference, p.16-16, December 04-09, 2005, San Diego, CA
Kiran Lakkaraju , William Yurcik , Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029208.1029219]
Dogu Arifler , Gustavo de Veciana , Brian L. Evans, A factor analytic approach to inferring congestion sharing based on flow level measurements, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.67-79, February 2007 [doi>10.1109/TNET.2006.890103]
Thorsten Voss, Klaus-Peter Kossakowski, "Detecting New Patterns of Attacks - Results and Applications of Large Scale Sensoring Networks.," IT-Incidents Management & IT-Forensics - IMF 2006, Conference Proceedings, October, 18th-19th, 2006, Stuttgart.
Sun-Myung Hwang, "P2P Protocol Analysis and Blocking Algorithm", Computational Science and Its Applications – ICCSA 2005 Lecture Notes in Computer Science Volume 3481, 2005, pp 21-30
Javier Verdu, Mario Nemirovsky, Jorge Garcia, and Mateo Valero, "Workload Characterization of Stateful Networking Applications", In Procs. of the 6th International Symposium on High Performance Computing (ISHPC-VI), Higashikasugano, Nara City, Japan, September 2005.
Nick Duffield, "Sampling for Passive Internet Measurement: A Review", Statistical Science, vol. 19, no. 3 472-498, 2004, doi:10.1214/088342304000000206.
Kevin Chen, Jennifer Tu, Alex Vandiver, "Analyzing Network Traffic from a Class B Darknet", This email address is being protected from spambots. You need JavaScript enabled to view it. http://web.mit.edu/~austein/www/darknet.pdf, Dec 2004.
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network," IEEE Security and Privacy, vol. 2, no. 4, pp. 72-78, July 2004, doi:10.1109/MSP.2004.47
Nick Duffield, Carsten Lund, and Mikkel Thorup. 2002. Properties and prediction of flow statistics from sampled packet streams. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (IMW '02). ACM, New York, NY, USA, 159-171. DOI=10.1145/637201.637225 http://doi.acm.org/10.1145/637201.637225
Nick Duffield , Carsten Lund , Mikkel Thorup, Charging from sampled network usage, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505232]
Steve Romig. 2000. The OSU Flow-tools Package and CISCO NetFlow Logs. In Proceedings of the 14th USENIX conference on System administration (LISA '00). USENIX Association, Berkeley, CA, USA, 291-304.
Marcus J. Ranum, Kent Landfield, Mike Stolarchuk, Mark Sienkiewicz, Andrew Lambeth, and Eric Wall. 1997. Implementing a Generalized Tool for Network Monitoring: ("Best Paper" Award!). In Proceedings of the 11th USENIX conference on System administration (LISA '97). USENIX Association, Berkeley, CA, USA, 1-8.

Dissertations and Theses

Adaptive Network Flow Parameters for Stealthy Botnet Behavior - Machine Learning techniques for providing perturbations to network flow patterns, Thesis, Torgeir Fladby, Autumn 2018.
InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data, Thesis, Hansaka Angel Dias Edirisinghe Kodituwakku, Aug 2017.
An Online Anomaly-Detection Neural Networks-based Clustering for Adaptive Intrusion Detection Systems, Thesis, Roshan Kokabha, Setareh, Feb 2016.
Intensional Cyberforensics, Thesis, Serguei A. Mokhov, Mar 2014.
A comparative study of in-band and out-of-band VoIP protocols in layer 3 and layer 2.5 environments, Thesis, George Pallis, Jan 2011.
Detecting malicious network activity using flow data and learning automata , Thesis, Christian Auby Torbjørn Skagestad Kristian Tveiten, May 2009.
Visualization of Network Traffic to Detect Malicious Network Activity, Thesis, Zhihua Jin, June 2008.
Supporting the Visualization and Forensic Analysis of Network Events, Disseration, Doantham Phan, December 2007.
Keeping Track of Network Flows: An Inexpensive and Fexible Solution, Thesis, Alexander Fedyukin, November 2005.
Using Netflows for slow portscan detection, Thesis, Bjarte Malmedal, 2005.

Books

C Sanders, J Smith, Applied Network Security Monitoring: Collection, Detection, and Analysis, Waltham, MA, Syngress, 2014.
R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, San Francisco: No Starch Press, 2013.
Wireless Networking in the Developing World 3rd Edition, http://wndw.net, 2013.
S. Davidoff, J. Ham, Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, 1st Edition, 2012.
J. Vacca, Managing Information Secuirty, Syngress Publishing, 2010.
R. Marty, Applied Security Visualization, New York:Addison-Wesley Professional, Aug 2008.
A. Lockhart, Network Security Hacks 2nd Edition, O'Reilly Media, Inc., Sestaphol, CA, USA 2007.
J Babbin, et. al., Security Log Management: Identifying Patterns in the Chaos 2nd Edition, Syngress Publishing, Inc., Rockland, MA, USA 2006.
Flickenger R.; Belcher M.; Canessa E.; Zennaro M, How to Accelerate Your Internet: A practical Guide to Bandwidth Management and Optimisation Using Open Source Software Oxford: INASP/ICTP. ISBN: 0-9778093-1-5. 2006.
V Oppleman, O Friedrichs and B Watson, Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed), McGraw-Hill Osborne Media; 1 edition July 18, 2005.
R. Bejtlich, Extrusion Detection : Security Monitoring for Internal Intrusions, New York:Addison-Wesley, November 2005.
I. Ristic, Apache Security, O'Reilly Media Inc., Sebastopol, CA, USA, 2005.
R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection , New York:Addison-Wesley, 2004.
D. Farmer, W. Venema, Forensic Discovery, New York:Addison-Wesley, 2004.
J. Nazario, Defense and Detection Strategies against Internet Worms, Boston:Artech House, 2004.
Eoghan Casey, Digital Evidence and Computer Crime 2nd Edition, Academic Press, Inc., Orlando, FL, 2004.

Web Articles - Blogs

Know Your Tools: use Picviz to find attacks Sebastien Tricaud, Victor Amaducci, The Honeynet Project, Nov 2009
WHEN {PUFFY} MEETS ^REDDEVIL^ (C.S. Lee's Security Blog)
After an Exploit: mitigation and remediation
Security Incident Management Essentials (Internet2.edu)
Michael Cloppert: Computer Forensic Hero SANS Computer Forensics, Mar 2009
Detecting Botnets Grzegorz Landecki, Linux Journal, Jan 2009
Mass-Mailing Worms: Prevention, Detection and Response Richard Gadsden, SANS Institute, 2009
Nmap facts with parallel coordinates Sebastien Tricaud, Dec 2008
iX Magazine Security Special with DAVIX (December 2008)
Building SElinux policy for Argus Jan-Frode Myklebust, Oct 2008.
Expanding Response: Deeper Analysis for Incident Handlers Russ McRee, SANS Institute, Oct 2008
GuTi.my Network Security (April 2008)
argus - Auditing Network Activity - Performance & Status Monitoring (Jan 2008)
Flowtime - Create a Timeline for Packet Flow (Jan 2008)
Argus - Auditing network activity Russ McRee, ISSA Journal, Nov 2007
Practical Botnet Detection (April 2007)
Keeping an eye on the network with Argus Ralf Spenneberg, Linux Magazine, Feb 2007
Network Security Monitoring: Beyound Intrusion Detection (2006)
Network Defense Applications using IP Sinkholes (2006)
Argus 3.0 on FreeBSD (Aug 2006)
Survey of Network Performance Monitoring Tools (2006)
Network Flow Analysis (2006)
Using archived argus flow records to secure and troublehshoot your network (July 2005)
Defending Networks with Intrustion Detection Systems (June 2004).

Presentations

Argus Metadata Tutorial FloCon 2014 (2014)
Argus Past Present and Future Flocon (2014)
Argus PCR Presentation FloCon (2014)
GLORIAD Argus Presenation FloCon (2014)
Argus Multi-Source Correlation FloCon (2013)
Argus Tutorial FloCon 2012 (2012)
Argus Packet Dynamics Implementation 2012 (2012)
Argus Tutorial FloCon 2011 (2011)
Argus Milcom Presentation (2010)
Argus ICCS Presentation (2010)
Network Flow Data Fusion - GeoSpatial and NetSpatial Data Enhancement (2010)
Using Argus to Analyze Network Flows (2009)
Using Argus and Postgres to Analyze Network Flows for Security(2009)
Flow Based Control Plane Situational Awareness (2009)
Network Monitoring with Argus, NetFlow, and Other Tools (2009)
Network Forensics (2007 APRICOT '07)
NAF: The NetSA Aggregated Flow Tool Suite (2006 LISA '06)
Network Flows and Security (Black Hat Briefings 2005)
Distributed QoS Monitoring - High Performance Network Assurance (FloCon 2005)
A Network of IDS-Sensors for Attack-Statistics (2004 PRESECURE Consulting GmbH)
More Netflow Tools: For Performance and Security (2004 LISA XVIII)
Using Argus Audit Trails to Enhance IDS Analysis (2003)
Implementing Network Security Monitoring with Open Source Tools (2003)
Argus Presentation to IPFIX WG (2001)
Reference to IETF RMON Argus-1.3 Presentation (1994)

 

© Copyright QoSient, LLC.
All Rights Reserved.
site by spliteye