Publications

Argus has been mentioned in a large number of publications and presentations over the years. Maintaining a complete list is non- trivial, and the list below is the result of a simple search, primarily looking at the ACM Library, so the list is short. If you do not see a book, research paper, presentation, reference that you wrote, or you liked, please send us a pointer. Also, if you find that a link on this page is stale, please send us a note to info@qosient.com.

Thanks!!!!

Books

R. Marty, Applied Security Visualization, New York:Addison-Wesley Professional, Aug 2008.

A. Lockhart, Network Security Hacks 2nd Edition, O'Reilly Media, Inc., Sestaphol, CA, USA 2007.

R. Bejtlich, Extrusion Detection : Security Monitoring for Internal Intrusions, New York:Addison-Wesley, November 2005.

I. Ristic, Apache Security, O'Reilly Media Inc., Sebastopol, CA, USA, 2005.

R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection , New York:Addison-Wesley, 2004.

D. Farmer, W. Venema, Forensic Discovery, New York:Addison-Wesley, 2004.

J. Nazario, Defense and Detection Strategies against Internet Worms, Boston:Artech House, 2004.

Eoghan Casey, Digital Evidence and Computer Crime 2nd Edition, Academic Press, Inc., Orlando, FL, 2004.

Research Articles (examples)

Saptarshi Guha, Paul Kidwell, Asgrith Barthur, William S Cleveland, John Gerth, and Carter Bullard. 2011. SSH Keystroke Packet Detection, ICS-2011—Monterey, California, Jan 9-11.

Robin Berthier, Michel Cukier, Matti Hiltunen, Dave Kormann, Gregg Vesonder, and Dan Sheleheda. 2010. Nfsight: netflow-based network awareness tool. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-8.

Christopher M. Inacio and Brian Trammell. 2010. YAF: yet another flowmeter. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-16.

2010. Proceedings of the Seventh International Symposium on Visualization for Cyber Security. ACM, New York, NY, USA.

Lin Quan and John Heidemann. 2010. On the characteristics and reasons of long-lived internet flows. In Proceedings of the 10th Annual Conference on Internet Measurement (IMC '10). ACM, New York, NY, USA, 444-450. [doi=10.1145/1879141.1879198]

Mohammed Sqalli, Raed AlShaikh, and Ezzat Ahmed. 2010. A distributed honeynet at KFUPM: a case study. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10), Somesh Jha, Robin Sommer, and Christian Kreibich (Eds.). Springer-Verlag, Berlin, Heidelberg, 486-487.

Cristian Morariu, Peter Racz, and Burkhard Stiller. 2009. Design and Implementation of a Distributed Platform for Sharing IP Flow Records. In Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT (DSOM '09), Claudio Bartolini and Luciano Paschoal Gaspary (Eds.). Springer-Verlag, Berlin, Heidelberg, 1-14. [doi=10.1007/978-3-642-04989-7_1]

H. Okamura, T. Dohi, K. S. Trivedi, Markovian Arrival Process Parameter Estimation With Group Data, IEEE/ACM Transactions on Networking (TON) Vol 17, Issue 4, p.1326-1339, August , 2009, Piscataway, NJ, USA [doi>10.1109/TNET.2008.2008750]

T. Yen, X. Huang, F. Monrose, M. Reiter, Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications, Detection of Intrusions and Malware, and Vulnerability Assessment 6th International Conference, DIMVA 2009, Como, Italy, July 9-10, 2009. Proceedings [doi>10.1007/978-3-642-02918-9]

S. Lin, Z. Gao, K. Xu, Web 2.0 traffic measurement: analysis on online map applications, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, p.7-12, June 03 - 05, 2009, Williamsburg, VA, USA [doi>10.1145/1542245.1542248]

S. Tricaud, P. Saadé, Applied Parallel Coordinates for Logs and Network Traffic Attack Analysis, European Institute for Computer Anti-Virus Research (EICAR) 18th Annual Conference, May 11 - 12, 2009, Berlin, Germany [pdf]

G. Louthan, B. Deetz, M. Walker, J. Hale, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Session: Track 8, Article No. 67, Apr 13 - 15, 2009, Oak Ridge, Tennessee, USA [doi>10.1145/1558607.1558684]

G. Vandenberghe, Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events, Proceedings of the 5th International Workshop on Visualization for Computer Security, VizSec 2008, p. 181-196, September 15, 2008, Cambridge, MA, USA [doi>10.1007/978-3-540-85933-8_18]

Rodrigo Werlinger , Kirstie Hawkey , Kasia Muldner , Pooya Jaferian , Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania [doi>10.1145/1408664.1408679]

Guofei Gu , Roberto Perdisci , Junjie Zhang , Wenke Lee, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection, Proceedings of the 17th conference on Security symposium, p.139-154, July 28-August 01, 2008, San Jose, CA

T-F Yen and M. K. Reiter, Traffic aggregation for malware detection, In Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008 (Lecture Notes in Computer Science 5137), pages 207-227, July 10-11 2008, Paris, France [doi:10.1007/978-3-540-70542-0_11]

G. Nychis, V. Sekar, D Andersen, H Kim, H Zhang, An empirical evaluation of entropy-based traffic anomaly detection, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, p 151-156, October 20-22, 2008, Vouliagmeni, Greece

Kiran Lakkaraju , Adam Slagell, Evaluating the utility of anonymized network traces for intrusion detection, Proceedings of the 4th international conference on Security and privacy in communication networks, September 22-25, 2008, Istanbul, Turkey [doi>10.1145/1460877.1460899]

L. Merkle, Automated Network Forensics, Proceedings of the 2008 GECCO Conference Companion on Genetic and Evolutionary Computation, p.1929-1932, 2008, Atlanta, GA, USA.

J. Naous, D. Ericson, A. Covington, G Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, Symposium On Architecture For Networking And Communications Systems, p.1-9, 2008, San Jose, CA

Doantam Phan, John Gerth, Marcia Lee, Andreas Paepcke, and Terry Winograd, Visual Analysis of Network Flow Data with Timelines and Event Plots, VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security, 2007 [doi>10.1007/978-3-540-78243-8_6]

Christoforos Kachris, Chidamber Kulkarni, Configurable Transactional Memory, Field-Programmable Custom Computing Machines, 2007. FCCM 2007. 15th Annual IEEE Symposium on, Page(s):65 - 72, April 2007 Napa, Ca, USA. [doi>10.1109/FCCM.2007.41]

David Botta , Rodrigo Werlinger , André Gagné , Konstantin Beznosov , Lee Iverson , Sidney Fels , Brian Fisher, Towards understanding IT security professionals and their tools, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280693]

H. Okamura, Y. Kamahara, T. Dohi, Estimating Markov-modulated compound Poisson processes, Proceedings of the 2nd international conference on Performance evaluation methodologies and tools, Article 28, October 22-27, 2007, Nantes, France.

M. Masuya, t Yamanoue, S. Kubota, An experience of monitoring university network security using a commercial service and DIY monitoring, Proceedings of the 34th annual ACM SIGUCCS conference on User services, p.225-230, November 5-8, 2006, Edmonton, Alberta, Canada [doi>10.1145/1181216.1181267]

A. Ferro, I Delgado, A Munoz, F Liberal, An analytical model for loss estimation in network traffic analysis systems, Journal of Computer and System Sciences, Vol. 72, Issue 7, November 2006 [doi>10.1016/j.jcss.2005.12.004]

L. Xiao, J. Gerth, P. Hanrahan, Enhancing Visual Analysis of Network Traffic Using a Knowledge Representation, Visual Analytics Science And Technology, 2006 IEEE Symposium On, p 107-114, Oct 31 - Nov 2, 20006, Baltimore, MD, USA [doi>10.1109/VAST.2006.261436]

Javier Verdú , Jorge Garcí , Mario Nemirovsky , Mateo Valero, Architectural impact of stateful networking applications, Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA [doi>10.1145/1095890.1095893]

William Yurcik, Visualizing NetFlows for security at line speed: the SIFT tool suite, Proceedings of the 19th conference on Large Installation System Administration Conference, p.16-16, December 04-09, 2005, San Diego, CA

Kiran Lakkaraju , William Yurcik , Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029208.1029219]

Dogu Arifler , Gustavo de Veciana , Brian L. Evans, A factor analytic approach to inferring congestion sharing based on flow level measurements, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.67-79, February 2007 [doi>10.1109/TNET.2006.890103]

Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network," IEEE Security and Privacy, vol. 2, no. 4, pp. 72-78, July 2004, doi:10.1109/MSP.2004.47

Nick Duffield , Carsten Lund , Mikkel Thorup, Charging from sampled network usage, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505232]

Dissertations and Theses

A comparative study of in-band and out-of-band VoIP protocols in layer 3 and layer 2.5 environments, Thesis, George Pallis, Jan 2011.

Visualization of Network Traffic to Detect Malicious Network Activity, Thesis, Zhihua Jin, June 2008.

Supporting the Visualization and Forensic Analysis of Network Events, Disseration, Doantham Phan, December 2007.

Keeping Track of Network Flows: An Inexpensive and Fexible Solution, Thesis, Alexander Fedyukin, November 2005.

Using Netflows for slow portscan detection, Thesis, Bjarte Malmedal, 2005.

Web Articles - Blogs

Know Your Tools: use Picviz to find attacks Sebastien Tricaud, Victor Amaducci, The Honeynet Project, Nov 2009
WHEN {PUFFY} MEETS ^REDDEVIL^ (C.S. Lee's Security Blog)
Security Incident Management Essentials (Internet2.edu)
Michael Cloppert: Computer Forensic Hero SANS Computer Forensics, Mar 2009
Detecting Botnets Grzegorz Landecki, Linux Journal, Jan 2009
Mass-Mailing Worms: Prevention, Detection and Response Richard Gadsden, SANS Institute, 2009
Nmap facts with parallel coordinates Sebastien Tricaud, Dec 2008
iX Magazine Security Special with DAVIX (December 2008)
Building SElinux policy for Argus Jan-Frode Myklebust, Oct 2008.
Expanding Response: Deeper Analysis for Incident Handlers Russ McRee, SANS Institute, Oct 2008
GuTi.my Network Security (April 2008)
argus - Auditing Network Activity - Performance & Status Monitoring (Jan 2008)
Flowtime - Create a Timeline for Packet Flow (Jan 2008)
Argus - Auditing network activity Russ McRee, ISSA Journal, Nov 2007
Practical Botnet Detection (April 2007)
Keeping an eye on the network with Argus Ralf Spenneberg, Linux Magazine, Feb 2007
Argus 3.0 on FreeBSD (Aug 2006)
Survey of Network Performance Monitoring Tools (2006)
Network Flow Analysis (2006)
Using archived argus flow records to secure and troublehshoot your network (July 2005)