FloCon 2012 Collection
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations, training slides, and posters were provided at FloCon 2012, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum, and participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus host level, and discussing how well new flow-based analytical tools integrate into an analyst's workflow.
Collection Items
Automatic Network Protection Scenarios Using NetFlow
• Presentation
By Vojtech Krmícek (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, Dawn Cappelli explains how to prevent insider threat sabotage.
Bruteforcing in the Shadows Evading Automated Detection
• Presentation
By Martin Drašar (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, the authors discuss NetFlow, bruteforce attacks, flow stretching, and intrusion detection.
Designing a 100% Flow Generator for High-Speed Networks from OC3 to 100GbE
• Presentation
By Software Engineering Institute
In this presentation, the authors discuss the goals and results of designing a flow generator for high-speed networks.
Entropy in IP Darkspace Data
• Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes IP darkspace and the challenges associated with scanning, backscatter, and analyzing the data.
Flow Indexing: Making Queries Go Faster
• Presentation
By John McHugh
In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.
FlowIntegrator: Integrating Flow Technologies with Mainstream Event Management Systems
• Presentation
By Sasha Velednitsky
This presentation describes FlowIntegrator, a NetFlow/IPFIX Mediator that provides real-time integration of network metadata into various systems.
From Bandwidth to Beacon Detection, Prism and Touchpoints
• Presentation
By George Jones, Paul Krystosek, Sid Faber
In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.
Implementing Packet Dynamic Awareness in Argus
• Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, the authors discuss Argus and how they use packet dynamics in near-real-time cyber-situational awareness systems.
Indicator Expansion Techniques – Tracking Cyber Threats via DNS and Netflow Analysis
• Presentation
By Michael Jacobs
In this presentation, Michael Jacobs describes how to use DNS and NetFlow analysis to track cyber threats.
Achieving Real Real-Time Context-Based Actionable Intelligence in Cyber Investigations
• Presentation
By Joel Ebrahimi (Bivio Networks)
In this presentation, given at FloCon 2012, Joel Ebrahimi describes investigations in cyberspace and provides an overview of related tools.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.