FloCon 2005
Call For Presentations

FloCon 2005 Analysis Workshop
20-22 September 2005
New Orleans, Louisiana, US

Submissions due June 6, 2005
Workshop Structure
Paper Submissions
Administration and Contact

The CERT@ Network Situational Awareness group at Carnegie Mellon
University's Software Engineering Institute is pleased to announce the
second Annual FloCon Workshop, which will be held on September 20-22,
2005 (Tuesday-Thursday) at the Hotel Monteleone in New Orleans,

FloCon is an open workshop that provides a forum for researchers,
operational analysts, and other parties interested in the security
analysis of large volumes of traffic to develop the next generation of
flow-based analysis. Flow is an abstraction of network traffic in
which packets are grouped together by common attributes over time. In
security, flow has been used to survey and analyze large networks and
long periods of time, but the field is still in its infancy. We
therefore request that in order to encourage discussion and the flow
of ideas, attendees submit a paper on a topic related to flow or
large-scale analysis.

Workshop Structure

Our goal for FloCon 2005 is to have an active workshop for discussing
flow and network security analysis, and improving these
technologies. To do so, we will have a workshop structure with
presentations and moderated breakout sessions to work on ideas
submitted by attendees. In order to promote discussion and
brainstorming during the breakout sessions, each attendee is requested
to provide a short (up to 4 page) paper discussing current or proposed
work in flow analysis. These submissions will be discussed during the
breakout sessions, which will be highly interactive. Based on
submissions and suggestions, we will develop a three-day track.

Paper Submissions

Attendance requires submission of a paper; appropriate topics include,
but are not limited to, the following:

    * Experience reports in flow analysis
    * Operational security analysis using flow
    * Advanced flow analysis techniques
    * Expanding the flow format for security needs
    * Integrating flows into other security analyses
    * Facilitating data sharing/public repositories
    * Flow collection technologies
    * Network traffic modeling for security
    * Alternative traffic abstraction approaches
    * Traffic summarization of other services

Submissions are intended to encourage discussion of new topics in security and flow analysis, authors are encouraged to present ideas which may be considered tentative.

    * Paper submissions should be short, a maximum of four pages.
    * Submissions should be mailed in PDF format to the FloCon submission 
      address: flocontact@cert.org.
    * Submissions are due by June 6th.
    * Submissions should not have been published elsewhere.
    * Authors should include their name, an email contact, 
      and the organization they represent. Anonymous submissions
      will not be accepted.


All accepted papers will be included in the initial proceedings
grouped by the track topics chosen by the committee. In each topic,
one paper will be selected for presentation during FloCon; all
submissions will be published in the FloCon proceedings.

A draft copy of the initial proceedings will be provided on the first
day of the FloCon Workshop. Following the completion of FloCon,
participants will be able to revise their presentations and position
papers in response to feedback. Final proceedings will be published
after FloCon.


All papers (PDF format) are due by June 5, 2005, for review by the
FloCon committee.

Submissions should be sent to flocontact@cert.org

Notification of acceptance will be sent by the end of July 2005.
Administration and Contact
The FloCon program committee for 2005 is

Michael Collins, CERT/NetSA
Capt. Jeff Jaime, JTF-GNO
Neil Long, Team Cymru
Colleen Shannon, CAIDA
Troy Thompson, PNNL
Bill Yurcik, NCSA

Questions and comments can be directed to flocontact@cert.org