FloCon 2013 Collection
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations, training slides, and posters were provided at FloCon 2013, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
At FloCon 2013, organizers and participants focused on the challenges of "Analysis at Scale." In large network environments, flow data helps to provide a scalable way of seeing the big picture, as well as a streamlined platform for highlighting patterns of malicious behavior over time. More and more commercial tools and platforms are available for collecting and storing not only flow data, but large volumes of other data such as DNS information, packet capture, security logs, and incident reports. At FloCon 2013, participants discussed how to refine "big data" into knowledge, design methods for aggregated analyses at the network edge, and build systems for monitoring thousands or millions of assets at once.
Collection Items
A Distributed Network Security Analysis System Based on Apache Hadoop-Related Technologies
• Presentation
By Software Engineering Institute
In this presentation, the authors describe a design for distributed real-time network security systems based on Hadoop-related technologies.
Analysis of Communication Patterns in Network Flows to Discover Application Intent
• Presentation
By William Turkett (Wake Forest University)
In this presentation, William Turkett describes the communication patterns, such as motifs, in network flow that enable analysis of application intent.
Automated Malware Traffic Analysis for IPS Analysts with Scapy and dpkt in Python
• Presentation
By Geoffrey Serrao
In this presentation, Geoffrey Serrao describes trends, techniques, and examples, and suggests ways to improve the process of IDS/IPS alerts.
Behavioral Whitelists of Beaconing Activity
• Poster
By Brian Allen (US-CERT), Robert Annand (US-CERT)
This poster, presented by Brian Allen and Robert Annand, illustrates aspects of performing incident analysis using behavioral whitelists of beacons.
Behavioral Whitelists of High Volume Web Traffic to Specific Domains
• Poster
By George Jones, Timothy J. Shimeall
This poster shows how to facilitate incident analysis by creating whitelists of external domains that receive large volumes of traffic.
Bro for Real-Time Large-Scale Understanding
• Presentation
By Software Engineering Institute
In this presentation, Seth Hall describes Bro, a real-time event analysis language and platform that offers protocol analysis.
Clairvoyant Squirrel: A Scalable Domain Name Classification System
• Presentation
By Software Engineering Institute
In this presentation, the authors discuss problems associated with malicious domain classification, and provide examples, solutions, and proposed future work.
Considerations for Scan Detection Using Flow Data
• Presentation
By John McHugh
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
CyberV@R: A Model to Compute Dollar Value at Risk of Loss to Cyber Attack
• Presentation
By James Ulrich
In this presentation, James Ulrich describes a methodology for constructing risk models that give insight into relative economic costs of cyber attack.
Detecting Insider Threats with Netflow
• Presentation
By Software Engineering Institute
In this presentation, Tom Cross describes the challenges of mitigating insider threat, discusses who commits insider attacks, and describes IT sabotage detection.
Detecting Malware P2P Traffic Using Network Flow and DNS Analysis
• Presentation
By Software Engineering Institute
In this presentation, John Jerrim discusses Malware that uses P2P protocols for command and control, and describes a tool for detecting/classifying P2P traffic.
Enhancing Network Situational Awareness Using DPI Enhanced IPFIX
• Presentation
By Software Engineering Institute
In this presentation, Hari Kosaraju describes how to improve flow-based traffic visibility and how doing that enhances network situational awareness.
Fire Talk About MS-ISAC Efforts
• Presentation
By Adnan Baykal (MS-ISAC)
In this presentation, Adnan Baykal describes the work that MS-ISAC CERT is doing in malware analysis and computer forensics.
Flow Analysis Using MapReduce
• Presentation
By Markus Deshon
In this presentation, Markus Deshon describes MapReduce, a programming model for processing large data sets with a parallel, distributed algorithm.
FlowViewer: Maintaining NASA’s Earth Science Traffic Situational Awareness
• Presentation
By Software Engineering Institute
In this presentation, Joe Loiacono describes FlowViewer, a tool that provides a web-based user interface to the flow-tools suite and SiLK.
Identifying Network Traffic Activity Via Flow Sizes
• Presentation
By Michael Collins
In this presentation, given at FloCon 2013, Michael Collins discusses how to measure NetFlow and DNS traffic captures.
Identifying Network Users Using Flow-Based Behavioral Fingerprinting
• Presentation
By Vincent Berk (Dartmouth College), John Murphy (FlowTraq)
In this FloCon 2013 presentation, the authors discuss how to identify network users using flow-based behavioral fingerprinting.
Introduction to Anomaly Detection
• Presentation
By Char Sample, George Jones
In this presentation, George Jones describes anomaly detection, discusses collections and classifications, and provides candidates for operational profiles.
Network Analysis with SiLK (2013)
• Presentation
By Ron Bandes
In this presentation, Ron Bandes describes the SiLK and iSiLK tools, and how you can use them to monitor your network.
Name Servers Should Not Move
• Poster
By Leigh B. Metcalf, Jonathan Spring
In this poster, Leigh Metcalf and Jonathan Spring illustrate how to find name servers that move from IP address to IP address too often.
Near Real-Time Multi-Source Flow Data Correlation
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the role of flow data in cyber security incident response.
Network Flow 2012: Year in Review
• Presentation
By George Warnagiris
In this presentation, George Warnagiris provides a big-picture view of network flow in 2012.
Network Flow Metadata: Very Large Scale Processing with Argus
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard defines network flow metadata and describes metadata support in Argus.
Network Security Monitoring in Minutes
• Presentation
By Software Engineering Institute
In this presentation, Doug Burks discusses Security Onion, a Ubuntu-based Linux distro for intrusion detection and network security monitoring.
Presenting Mongoose: A New Approach to Traffic Capture
• Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance), Ashraf Abu Abusharekh
In this presentation, the authors describe Mongoose, a tool for monitoring the activity of the network from outside the network.
Scalable NetFlow Analysis with Hadoop
• Presentation
By Software Engineering Institute
In this 2013 presentation, Yeonhee Lee and Youngseok Lee provide an overview of netflow analysis, and describe a Hadoop-based traffic processing tool.
Scalable Stacked Index to Speed Access to Multi Terabyte Netflow
• Presentation
By Bruce Griffin (US-CERT)
In this presentation, Bruce Griffin describes a scalable stacked index that identifies the when and where for IPs and how to collect statistics using SiLK tools.
Situational Awareness Metrics from Flow and Other Data Sources
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra describes the need for a more flexible set of metrics for establishing network situational awareness.
Statistical Analysis of Flow Data Using Python and Redis
• Presentation
By Software Engineering Institute
In this presentation, Kevin Noble provides an overview of beacons and discusses Beacon Bits, an analytical tool set and workflow to detect beacons.
Taming Big Flow Data
• Presentation
By Igor Balabine, Sasha Velednitsky
In this FloCon 2013 presentation, the authors present an intelligent approach to integrating flow data with mainstream event management systems.
The Limitations of Analysis at Scale
• Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the analysis of large-scale network traffic.
Thinking Security
• Presentation
By Steven M. Bellovin
In this keynote presentation from FloCon 2013, Steven Bellovin discusses the challenges associated with maintaining proper computer security.
Visualization: Where Are We Going?
• Presentation
By Tim Ray (21CT)
In this presentation, Tim Ray discusses the importance of network security visualization and presents specific tricks you can use to find the “bad guys” using netflow.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.