FloCon 2013 Collection
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
These presentations, training slides, and posters were provided at FloCon 2013, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
At FloCon 2013, organizers and participants focused on the challenges of "Analysis at Scale." In large network environments, flow data helps to provide a scalable way of seeing the big picture, as well as a streamlined platform for highlighting patterns of malicious behavior over time. More and more commercial tools and platforms are available for collecting and storing not only flow data, but large volumes of other data such as DNS information, packet capture, security logs, and incident reports. At FloCon 2013, participants discussed how to refine "big data" into knowledge, design methods for aggregated analyses at the network edge, and build systems for monitoring thousands or millions of assets at once.
Collection Items
A Distributed Network Security Analysis System Based on Apache Hadoop-Related Technologies
• Presentation
By Software Engineering Institute
In this presentation, the authors describe a design of distrusted real-time network security systems based on Hadoop-related technologies.
Learn More
Analysis of Communication Patterns in Network Flows to Discover Application Intent
• Presentation
By William Turkett (Wake Forest University)
In this presentation, William Turkett describes the communication patterns, such as motifs, in network flow that enable analysis of application intent.
Learn More
Automated Malware Traffic Analysis for IPS Analysts with Scapy and dpkt in Python
• Presentation
By Geoffrey Serrao
In this presentation, Geoffrey Serrao describes trends, techniques, and examples, and suggests ways to improve the process of IDS/IPS alerts.
Learn More
Behavioral Whitelists of Beaconing Activity
• Poster
By Brian Allen (US-CERT), Robert Annand (US-CERT)
This poster, presented by Brian Allen and Robert Annand, illustrates aspects of performing incident analysis using behavioral whitelists of beacons.
Download
Behavioral Whitelists of High Volume Web Traffic to Specific Domains
• Poster
By George Jones, Timothy J. Shimeall
This poster shows how to facilitate incident analysis by creating whitelists of external domains that receive large volumes of traffic.
Download
Bro for Real-Time Large-Scale Understanding
• Presentation
By Software Engineering Institute
In this presentation, Seth hall describes Bro, a real-time event analysis language and platform that offers protocol analysis.
Learn More
Clairvoyant Squirrel: A Scalable Domain Name Classification System
• Presentation
By Software Engineering Institute
In this presentation, the authors discuss problems associated with malicious domain classification, and provide examples, solutions, and proposed future work.
Learn More
Considerations for Scan Detection Using Flow Data
• Presentation
By John McHugh
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
Learn More
CyberV@R: A Model to Compute Dollar Value at Risk of Loss to Cyber Attack
• Presentation
By James Ulrich
In this presentation, James Ulrich describes a methodology for constructing risk models that give insight into relative economic costs of cyber attack.
Learn More
Detecting Insider Threats with Netflow
• Presentation
By Software Engineering Institute
In this presentation, Tom Cross describes the challenges of mitigating insider threat, discusses who commits insider attacks, and describes IT sabotage detection.
Learn More
Detecting Malware P2P Traffic Using Network Flow and DNS Analysis
• Presentation
By Software Engineering Institute
In this presentation, John Jerrim discusses Malware that uses P2P protocols for command and control, and describes a tool for detecting/classifying P2P traffic.
Learn More
Enhancing Network Situational Awareness Using DPI Enhanced IPFIX
• Presentation
By Software Engineering Institute
In this presentation, Hari Kosaraju describes how to improve flow-based traffic visibility and how doing that enhances network situational awareness.
Learn More
Fire Talk About MS-ISAC Efforts
• Presentation
By Adnan Baykal (MS-ISAC)
In this presentation, Adnan Baykal describes the work that MS-ISAC CERT is doing in malware analysis and computer forensics.
Learn More
Flow Analysis Using MapReduce
• Presentation
By Markus Deshon
In this presentation, Markus Deshon describes MapReduce, a programming model for processing large data sets with a parallel, distributed algorithm.
Learn More
FlowViewer: Maintaining NASA’s Earth Science Traffic Situational Awareness
• Presentation
By Software Engineering Institute
In this presentation, Joe Loiacono describes FlowViewer, a tool that provides a web-based user interface to the flow-tools suite and SiLK.
Learn More
Identifying Network Traffic Activity Via Flow Sizes
• Presentation
By Michael Collins
In this presentation, given at FloCon 2013, Michael Collins discusses how to measure NetFlow and DNS traffic captures.
Learn More
Identifying Network Users Using Flow-Based Behavioral Fingerprinting
• Presentation
By Vincent Berk (Dartmouth College), John Murphy (FlowTraq)
In this FloCon 2013 presentation, the authors discuss how to identify network users using flow-based behavioral fingerprinting.
Learn More
Introduction to Anomaly Detection
• Presentation
By Char Sample, George Jones
In this presentation, George Jones describes anomaly detection, discusses collections and classifications, and provides candidates for operational profiles.
Learn More
Network Analysis with SiLK (2013)
• Presentation
By Ron Bandes
In this presentation, Ron Bandes describes the SiLK and iSiLK tools, and how you can use them to monitor your network.
Learn More
Name Servers Should Not Move
• Poster
By Leigh B. Metcalf, Jonathan Spring
In this poster, Leigh Metcalf and Jonathan Spring illustrate how to find name servers that move from IP address to IP address too often.
Download
Near Real-Time Multi-Source Flow Data Correlation
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the role of flow data in cyber security incident response.
Learn More
Network Flow 2012: Year in Review
• Presentation
By George Warnagiris
In this presentation, George Warnagiris provides a big-picture view of network flow in 2012.
Learn More
Network Flow Metadata: Very Large Scale Processing with Argus
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard defines network flow metadata and describes metadata support in Argus.
Learn More
Network Security Monitoring in Minutes
• Presentation
By Software Engineering Institute
In this presentation, Doug Burks discusses Security Onion, a Ubuntu-based Linux distro for intrusion detection and network security monitoring.
Learn More
Presenting Mongoose A New Approach to Traffic Capture
• Presentation
By Ron McLeod (Corporate Development Telecom Applications Research Alliance), Ashraf Abu Abusharekh
In this presentation, the authors describe Mongoose, a tool for monitoring the activity of the network from outside the network.
Learn More
Scalable NetFlow Analysis with Hadoop
• Presentation
By Software Engineering Institute
In this 2013 presentation, Yeonhee Lee and Youngseok Lee provide an overview of netflow analysis, and describe a Hadoop-based traffic processing tool.
Learn More
Scalable Stacked Index to Speed Access to Multi Terabyte Netflow
• Presentation
By Bruce Griffin (US-CERT)
In this presentation, Bruce Griffin describes a scalable stacked index that identifies the when and where for IPs and how to collect statistics using SiLK tools.
Learn More
Situational Awareness Metrics from Flow and Other Data Sources
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra describes the need for a more flexible set of metrics for establishing network situational awareness.
Learn More
Statistical Analysis of Flow Data Using Python and Redis
• Presentation
By Software Engineering Institute
In this presentation, Kevin Noble provides an overview of beacons and discusses Beacon Bits, an analytical tool set and workflow to detect beacons.
Learn More
Taming Big Flow Data
• Presentation
By Igor Balabine, Sasha Velednitsky
In this FloCon 2013 presentation, the authors present an intelligent approach to integrating flow data with mainstream event management systems.
Learn More
The Limitations of Analysis at Scale
• Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the analysis of large-scale network traffic.
Learn More
Thinking Security
• Presentation
By Steven M. Bellovin
In this keynote presentation from FloCon 2013, Steven Bellovin discusses the challenges associated with maintaining proper computer security.
Learn More
Visualization: Where Are We Going?
• Presentation
By Tim Ray (21CT)
In this presentation, Tim Ray discusses the importance of network security visualization and presents specific tricks you can use to find the “bad guys” using netflow.
Learn MoreThis content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.