FloCon 2013 Collection
• Collection
Publisher
Software Engineering Institute
Subjects
Abstract
These presentations, training slides, and posters were provided at FloCon 2013, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
At FloCon 2013, organizers and participants focused on the challenges of "Analysis at Scale." In large network environments, flow data helps to provide a scalable way of seeing the big picture, as well as a streamlined platform for highlighting patterns of malicious behavior over time. More and more commercial tools and platforms are available for collecting and storing not only flow data, but large volumes of other data such as DNS information, packet capture, security logs, and incident reports. At FloCon 2013, participants discussed how to refine "big data" into knowledge, design methods for aggregated analyses at the network edge, and build systems for monitoring thousands or millions of assets at once.
Collection Items

A Distributed Network Security Analysis System Based on Apache Hadoop-Related Technologies
• Presentation
By Software Engineering Institute
In this presentation, the authors describe the design of a distributed real-time network security analysis system based on Hadoop-related technologies.
Learn More
Analysis of Communication Patterns in Network Flows to Discover Application Intent
• Presentation
By William Turkett (Wake Forest University)
In this presentation, William Turkett describes the communication patterns, such as motifs, in network flow that enable analysis of application intent.
Learn More
Automated Malware Traffic Analysis for IPS Analysts with Scapy and dpkt in Python
• Presentation
By Geoffrey Serrao
In this presentation, Geoffrey Serrao describes trends, techniques, and examples, and suggests ways to improve the process of analyzing IDS/IPS alerts.
Learn More
Behavioral Whitelists of Beaconing Activity
• Poster
By Brian Allen (US-CERT), Robert Annand (US-CERT)
This poster, presented by Brian Allen and Robert Annand, illustrates aspects of performing incident analysis using behavioral whitelists of beacons.
Download
Behavioral Whitelists of High Volume Web Traffic to Specific Domains
• Poster
By George Jones, Timothy J. Shimeall
This poster shows how to facilitate incident analysis by creating whitelists of external domains that receive large volumes of traffic.
Download
Bro for Real-Time Large-Scale Understanding
• Presentation
By Software Engineering Institute
In this presentation, Seth Hall describes Bro, a real-time event analysis language and platform that offers protocol analysis.
Learn More
Clairvoyant Squirrel: A Scalable Domain Name Classification System
• Presentation
By Software Engineering Institute
In this presentation, the authors discuss problems associated with malicious domain classification, and provide examples, solutions, and proposed future work.
Learn More
Considerations for Scan Detection Using Flow Data
• Presentation
By John McHugh
In this presentation, John McHugh discusses scan detection in Internet traffic and describes Threshold Random Walk, a sequential hypothesis-testing algorithm for identifying remote hosts that are scanning.
Learn More
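Threshold Random Walk (TRW) applied to flow records, as an added worked example that is not part of McHugh's presentation. TRW keeps a running likelihood ratio per remote host: each first contact with a distinct local address that fails multiplies the ratio by (1-θ1)/(1-θ0), each success multiplies it by θ1/θ0, and the host is declared a scanner once the ratio crosses β/α or benign once it drops below (1-β)/(1-α). The parameter values (θ0 = 0.8, θ1 = 0.2, α = 0.01, β = 0.99) are those of the original TRW paper by Jung, Paxson, Berger, and Balakrishnan (2004); the sample flow records and the SYN-only heuristic for "failed attempt" are constructed for this illustration and are assumptions, not something the presentation specifies.

```python
import math
from collections import defaultdict

# Constructed sample uniflow records (not data from the presentation).
# Fields mimic a typical flow export: source IP, destination IP,
# destination port, TCP flags seen, packets in the flow.
SAMPLE_FLOWS = [
    # 203.0.113.5 sweeps port 22 across the /24: SYN-only, one packet each
    {"sip": "203.0.113.5", "dip": "192.0.2.10", "dport": 22, "flags": "S", "packets": 1},
    {"sip": "203.0.113.5", "dip": "192.0.2.11", "dport": 22, "flags": "S", "packets": 1},
    {"sip": "203.0.113.5", "dip": "192.0.2.12", "dport": 22, "flags": "S", "packets": 1},
    {"sip": "203.0.113.5", "dip": "192.0.2.13", "dport": 22, "flags": "S", "packets": 1},
    {"sip": "203.0.113.5", "dip": "192.0.2.14", "dport": 22, "flags": "S", "packets": 1},
    # 198.51.100.7 is a benign client completing handshakes to web servers
    {"sip": "198.51.100.7", "dip": "192.0.2.20", "dport": 443, "flags": "SAPF", "packets": 12},
    {"sip": "198.51.100.7", "dip": "192.0.2.21", "dport": 443, "flags": "SAPF", "packets": 9},
    # repeat contact with 192.0.2.20: not a first contact, so not counted
    {"sip": "198.51.100.7", "dip": "192.0.2.20", "dport": 443, "flags": "SAPF", "packets": 40},
    {"sip": "198.51.100.7", "dip": "192.0.2.22", "dport": 80, "flags": "SAPF", "packets": 7},
    {"sip": "198.51.100.7", "dip": "192.0.2.23", "dport": 443, "flags": "SAPF", "packets": 15},
    # 192.0.2.99 mixes failures and a success: stays undecided
    {"sip": "192.0.2.99", "dip": "192.0.2.30", "dport": 445, "flags": "S", "packets": 1},
    {"sip": "192.0.2.99", "dip": "192.0.2.31", "dport": 445, "flags": "SAPF", "packets": 6},
    {"sip": "192.0.2.99", "dip": "192.0.2.32", "dport": 445, "flags": "S", "packets": 1},
]


def attempt_failed(flow):
    # Heuristic (an assumption of this example): a one-packet flow carrying only
    # a SYN is an unanswered connection attempt; anything that progressed past
    # the SYN counts as a successful first contact.
    return flow["packets"] == 1 and flow["flags"] == "S"


class TRW:
    """Sequential hypothesis test per remote host, kept in log space."""

    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0: P[success | benign], theta1: P[success | scanner]
        self.log_success = math.log(theta1 / theta0)             # ln(0.25)
        self.log_failure = math.log((1 - theta1) / (1 - theta0))  # ln(4)
        self.upper = math.log(beta / alpha)                       # ln(99)
        self.lower = math.log((1 - beta) / (1 - alpha))           # ln(0.0101)
        self.llr = defaultdict(float)   # running log-likelihood ratio per source
        self.seen = defaultdict(set)    # local addresses already contacted
        self.verdict = {}               # final decision once a threshold is crossed

    def observe(self, flow):
        src = flow["sip"]
        if src in self.verdict:
            return self.verdict[src]
        if flow["dip"] in self.seen[src]:
            return None                 # only first contacts move the walk
        self.seen[src].add(flow["dip"])
        self.llr[src] += self.log_failure if attempt_failed(flow) else self.log_success
        if self.llr[src] >= self.upper:
            self.verdict[src] = "scanner"
        elif self.llr[src] <= self.lower:
            self.verdict[src] = "benign"
        return self.verdict.get(src)


def classify_flows(flows):
    """Run TRW over a flow sequence; returns {source IP: verdict} for decided hosts."""
    trw = TRW()
    for flow in flows:
        trw.observe(flow)
    return dict(trw.verdict)


if __name__ == "__main__":
    for src, verdict in sorted(classify_flows(SAMPLE_FLOWS).items()):
        print(src, verdict)
```

With these parameters four consecutive failed first contacts push the ratio past ln(99), so the scanner is flagged on its fourth SYN-only flow, and four successful first contacts clear a host as benign; a host that alternates never reaches either bound and stays undecided. The practical caveat with flow data is the success/failure oracle: a uniflow export does not record the reverse direction, so the SYN-only heuristic above will also score a SYN that was silently dropped by a firewall, and a filtered address range can make a legitimate client look like a scanner. Bidirectional flow records, or pairing each outbound flow with its reverse flow, give a much cleaner failure signal.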
CyberV@R: A Model to Compute Dollar Value at Risk of Loss to Cyber Attack
• Presentation
By James Ulrich
In this presentation, James Ulrich describes a methodology for constructing risk models that give insight into relative economic costs of cyber attack.
Learn More
Detecting Insider Threats with Netflow
• Presentation
By Software Engineering Institute
In this presentation, Tom Cross describes the challenges of mitigating insider threat, discusses who commits insider attacks, and explains how IT sabotage can be detected using NetFlow.
Learn More
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.