FloCon 2014 Collection
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations, training slides, and posters were provided at FloCon 2014, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
FloCon 2014 took place at the Francis Marion Hotel in Charleston, South Carolina, on January 13-16, 2014. This open conference provided a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
Collection Items
10 Years of FloCon
• Presentation
By George Warnagiris
In this presentation, George Warnagiris summarizes key events and discussions from the past 10 FloCon events.
A New Visualization for IPv4 Space
• Poster
By Leigh B. Metcalf
This poster was presented at FloCon 2014, a network security conference that took place in Charleston, South Carolina, in January 2014.
Advanced SiLK Analysis
• Presentation
By Timothy J. Shimeall, Geoff Sanders
In this presentation, Geoff Sanders and Tim Shimeall provide analysts with knowledge and skills to create, display, and use prefix maps.
PCR - A Flow Metric for the Producer/Consumer Relationship
• Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, Carter Bullard and John Gerth discuss data exfiltration and detection methods.
Analysis of Some Time-Series Metrics for Network Monitoring
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra presents a method and metrics for network situational awareness.
Analyzing Flow Using Encounter Complexes
• Presentation
By Leigh B. Metcalf
In this presentation, Leigh Metcalf discusses network flow clustering and the use of encounter traces to form encounter complexes.
Analyzing Large Flow Data Sets Using Modern Open-Source Data Search and Visualization Tools
• Presentation
By Max Putas (No Affiliation)
In this presentation, Max Putas describes using common and open source tools to perform flow data analysis.
Argus Instrumentation of the GLORIAD R&E Network for Improved Measurement, Monitoring and Security
• Presentation
By Greg Cole (GLORIAD)
In this presentation, Greg Cole describes the improved measurement, monitoring, and security at GLORIAD.
Argus with Netmap: Monitoring Traffic at 10Gbits/s Line Rate Using Commodity Hardware
• Presentation
By Software Engineering Institute
In this presentation, Harika Tandra discusses GLORIAD, a ring of rings fiber-optic network, and the GLORIAD-US deployment of Argus.
Bandwidth and End-to-End Delay Analysis of IP and End System Multicast (ESM)
• Poster
By Syed Rizvi, Nathan Showan
This poster describes the process to develop models for formalizing the end-to-end delay and the bandwidth efficiency of ESM and IP multicast systems.
Data Fusion at Scale
• Presentation
By Markus Deshon
In this presentation, Markus De Shon discusses data fusion, an automated network situation assessment process.
Discovering Unknown Network Activity Using Graphs and Computer Network Data
• Poster
By Eric Dull (Yarc Data)
This poster illustrates how to use broad, deep computer network data, statistics, and graph algorithms to identify and prioritize anomalous network activity.
Distributed Summary Statistics with Bro
• Presentation
By Software Engineering Institute
In this presentation, the author discusses developing statistics that summarize network activity distributed over many sensors, while minimizing memory usage.
Finding Malicious Domains Using Shadow Server Reports
• Poster
By Brian Allen (US-CERT)
This poster, presented at FloCon 2014, discusses how to identify malicious domains using shadow server reports.
Investigating APT1
• Presentation
By Deana Shick, Angela Horneman
In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.
LogStash: Yes Logging Can Be Awesome
• Presentation
By James Turnbull (No Affiliation)
In this presentation, James Turnbull discusses how logging can be a core and critical part of your development and operations activities.
Network Analysis with SiLK
• Presentation
By Ron Bandes
In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.
Network Flow Metadata: Very Large Scale Processing with Argus
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard defines network flow metadata and describes metadata support in Argus.
Network Flows, Past, Present and Future
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the history and future plans for network flow concepts.
Network Security Monitoring with IPFIX and Bro
• Presentation
By Randy Caldejon (No Affiliation)
In this presentation, Randy Caldejon discusses whether it's possible to create a framework for producing actionable intelligence with YAF and Bro.
Passive Detection of Misbehaving Name Servers
• Presentation
By Jonathan Spring, Leigh B. Metcalf
In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
Passive DNS Collection and Analysis - The "dnstap" Approach
• Presentation
By Paul Vixie
In this keynote presentation from FloCon 2014, Dr. Paul Vixie discusses passive DNS monitoring and dnstap, and demonstrates SIE and DNSDB.
PM WIN-T TMD Fight the Network (FTN) / FAVA
• Presentation
By Kevin Jacobs (U.S. Army)
In this presentation, Kevin Jacobs discusses FTN goals and its operational view, task details, and data fusion.
Quilt: A System for Distributed Temporal Queries of Security Relevant Heterogeneous Data
• Presentation
By Timothy J. Shimeall, George Jones
In this presentation, Tim Shimeall and George Jones describe Quilt, a distributed data query engine that allows for a broad range of data and that supports temporal relationships.
Security Onion: Peel Back the Layers of Your Network in Minutes
• Presentation
By Software Engineering Institute
In this presentation, Doug Burks discusses Security Onion, a free Linux distro for intrusion detection, network security monitoring, and log management.
Semantic Flow Augmentation for the Automated Discovery of Organizational Relationships
• Presentation
By Chris Strasburg (The Ames Laboratory)
In this presentation, the authors describe semantic flow augmentation, discuss its use and features, and present ideas for future work.
Setting up a Network Flow Sensor for $100
• Presentation
By Ron Bandes, John Badertscher, Dwight S. Beaver
This 2014 presentation describes how to build a network flow sensor using a PogoPlug server and ethernet adapter, a switch as a network tap, and a 16 GB flash drive.
Streaming Analysis: An Alternate Analysis Paradigm
• Presentation
By John McHugh
In this presentation, John McHugh discusses how streaming analytics relieves the volume of stored data and decreases threat reaction time.
Stucco: Situation and Threat Understanding by Correlating Contextual Observations
• Presentation
By John Gerth (Stanford University), John Goodall (Secure Decisions)
This 2014 presentation shows how Stucco puts security events in context and shows how threats relate to a cyber security analyst's environment.
The Rayon Tools: Visualization at the Command Line
• Poster
By Phil Groce
This poster, presented at FloCon 2014, shows how a Rayon visualization works well with the workflow model of UNIX and the shell.
The Routing Table Tool Suite (RT-Tools): Mapping the Internet One Route at a Time or All Routes at One Time
• Poster
By Timur D. Snoke
This poster describes the Routing Table Tool Suite (RT-Tools), which displays AS network traffic based on the path analysis of aggregate routing tables.
What Does "Big Data" Even Mean?
• Presentation
By Software Engineering Institute
In this presentation, Josh Goldfarb defines and discusses big data, and how we can best take advantage of it.
Visualization of Network Flow Data
• Poster
By Paul Krystosek
This poster, presented at FloCon 2014, introduces descriptive, retrospective analysis, and exploratory methods for visualizing data.
VoIP in Flow
• Presentation
By Nathan Dell
In this presentation, Nathan Dell discusses VoIP in flow, and presents an analysis of VoIP communications and a lab example of data exfiltration.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.