FloCon 2005 Call For Presentations FloCon 2005 Analysis Workshop 20-22 September 2005 New Orleans, Louisiana, US http://www.cert.org/flocon Submissions due June 6, 2005 Overview Workshop Structure Paper Submissions Requirements Proceedings Schedule Administration and Contact The CERT@ Network Situational Awareness group at Carnegie Mellon University's Software Engineering Institute is pleased to announce the second Annual FloCon Workshop, which will be held on September 20-22, 2005 (Tuesday-Thursday) at the Hotel Monteleone in New Orleans, Louisiana. FloCon is an open workshop that provides a forum for researchers, operational analysts, and other parties interested in the security analysis of large volumes of traffic to develop the next generation of flow-based analysis. Flow is an abstraction of network traffic in which packets are grouped together by common attributes over time. In security, flow has been used to survey and analyze large networks and long periods of time, but the field is still in its infancy. We therefore request that in order to encourage discussion and the flow of ideas, attendees submit a paper on a topic related to flow or large-scale analysis. Workshop Structure Our goal for FloCon 2005 is to have an active workshop for discussing flow and network security analysis, and improving these technologies. To do so, we will have a workshop structure with presentations and moderated breakout sessions to work on ideas submitted by attendees. In order to promote discussion and brainstorming during the breakout sessions, each attendee is requested to provide a short (up to 4 page) paper discussing current or proposed work in flow analysis. These submissions will be discussed during the breakout sessions, which will be highly interactive. Based on submissions and suggestions, we will develop a three-day track. Paper Submissions Attendance requires submission of a paper; appropriate topics include, but are not limited to, the following: * Experience reports in flow analysis * Operational security analysis using flow * Advanced flow analysis techniques * Expanding the flow format for security needs * Integrating flows into other security analyses * Facilitating data sharing/public repositories * Flow collection technologies * Network traffic modeling for security * Alternative traffic abstraction approaches * Traffic summarization of other services Submissions are intended to encourage discussion of new topics in security and flow analysis, authors are encouraged to present ideas which may be considered tentative. Requirements * Paper submissions should be short, a maximum of four pages. * Submissions should be mailed in PDF format to the FloCon submission address: flocontact@cert.org. * Submissions are due by June 6th. * Submissions should not have been published elsewhere. * Authors should include their name, an email contact, and the organization they represent. Anonymous submissions will not be accepted. Proceedings All accepted papers will be included in the initial proceedings grouped by the track topics chosen by the committee. In each topic, one paper will be selected for presentation during FloCon; all submissions will be published in the FloCon proceedings. A draft copy of the initial proceedings will be provided on the first day of the FloCon Workshop. Following the completion of FloCon, participants will be able to revise their presentations and position papers in response to feedback. Final proceedings will be published after FloCon. Schedule All papers (PDF format) are due by June 5, 2005, for review by the FloCon committee. Submissions should be sent to flocontact@cert.org Notification of acceptance will be sent by the end of July 2005. Administration and Contact The FloCon program committee for 2005 is Michael Collins, CERT/NetSA Capt. Jeff Jaime, JTF-GNO Neil Long, Team Cymru Colleen Shannon, CAIDA Troy Thompson, PNNL Bill Yurcik, NCSA Questions and comments can be directed to flocontact@cert.org