FloCon 2014 Collection
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations, training slides, and posters were provided at FloCon 2014, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
FloCon 2014 took place at the Francis Marion Hotel in Charleston, South Carolina, on January 13-16, 2014. This open conference provided a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
Collection Items

10 Years of FloCon
• Presentation
By George Warnagiris
In this presentation, George Warnagiris summarizes key events and discussions from the past 10 FloCon events.
A New Visualization for IPv4 Space
• Poster
By Leigh B. Metcalf
This poster was presented at FloCon 2014, a network security conference that took place in Charleston, South Carolina, in January 2014.
Advanced SiLK Analysis
• Presentation
By Timothy J. Shimeall, Geoff Sanders
In this presentation, Geoff Sanders and Tim Shimeall provide analysts with knowledge and skills to create, display, and use prefix maps.
PCR - A Flow Metric for the Producer/Consumer Relationship
• Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, Carter Bullard and John Gerth discuss data exfiltration and detection methods.
Analysis of Some Time-Series Metrics for Network Monitoring
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra presents a method and metrics for network situational awareness.
Analyzing Flow Using Encounter Complexes
• Presentation
By Leigh B. Metcalf
In this presentation, Leigh Metcalf discusses network flow clustering and the use of encounter traces to form encounter complexes.
Analyzing Large Flow Data Sets Using Modern Open-Source Data Search and Visualization Tools
• Presentation
By Max Putas (No Affiliation)
In this presentation, Max Putas describes using common and open source tools to perform flow data analysis.
Argus Instrumentation of the GLORIAD R&E Network for Improved Measurement, Monitoring and Security
• Presentation
By Greg Cole (GLORIAD)
In this presentation, Greg Cole describes the improved measurement, monitoring, and security at GLORIAD.
Argus with Netmap: Monitoring Traffic at 10Gbits/s Line Rate Using Commodity Hardware
• Presentation
By Software Engineering Institute
In this presentation, Harika Tandra discusses GLORIAD, a ring of rings fiber-optic network, and the GLORIAD-US deployment of Argus.
Bandwidth and End-to-End Delay Analysis of IP and End System Multicast (ESM)
• Poster
By Syed Rizvi, Nathan Showan
This poster describes the process to develop models for formalizing the end-to-end delay and the bandwidth efficiency of ESM and IP multicast systems.
Data Fusion at Scale
• Presentation
By Markus De Shon
In this presentation, Markus De Shon discusses data fusion, an automated network situation assessment process.
Discovering Unknown Network Activity Using Graphs and Computer Network Data
• Poster
By Eric Dull (Yarc Data)
This poster illustrates how to use broad, deep computer network data, statistics, and graph algorithms to identify and prioritize anomalous network activity.
Distributed Summary Statistics with Bro
• Presentation
By Software Engineering Institute
In this presentation, the author discusses developing statistics that summarize network activity distributed over many sensors, while minimizing memory usage.
Finding Malicious Domains Using Shadow Server Reports
• Poster
By Brian Allen (US-CERT)
This poster, presented at FloCon 2014, discusses how to identify malicious domains using shadow server reports.
Investigating APT1
• Presentation
By Deana Shick, Angela Horneman
In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.
LogStash: Yes Logging Can Be Awesome
• Presentation
By James Turnbull (No Affiliation)
In this presentation, James Turnbull discusses how logging can be a core and critical part of your development and operations activities.
Network Analysis with SiLK
• Presentation
By Ron Bandes
In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.
Network Flow Metadata: Very Large Scale Processing with Argus
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard defines network flow metadata and describes metadata support in Argus.
Network Flows, Past, Present and Future
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the history and future plans for network flow concepts.
Network Security Monitoring with IPFIX and Bro
• Presentation
By Randy Caldejon (No Affiliation)
In this presentation, Randy Caldejon discusses whether it's possible to create a framework for producing actionable intelligence with YAF and Bro.
Passive Detection of Misbehaving Name Servers
• Presentation
By Jonathan Spring, Leigh B. Metcalf
In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
Passive DNS Collection and Analysis - The "dnstap" Approach
• Presentation
By Paul Vixie
In this 2014 keynote presentation from FloCon 2014, Dr. Paul Vixie discusses passive DNS monitoring and DNS tap, and demonstrates SIE and DNSDB.
PM WIN-T TMD Fight the Network (FTN) / FAVA
• Presentation
By Kevin Jacobs (U.S. Army)
In this presentation, Kevin Jacobs discusses FTN goals and its operational view, task details, and data fusion.
Quilt: A System for Distributed Temporal Queries of Security Relevant Heterogeneous Data
• Presentation
By Timothy J. Shimeall, George Jones
In this presentation, Tim Shimeall and George Jones describe Quilt, a distributed data query engine that allows for a broad range of data and that supports temporal relationships.
Security Onion: Peel Back the Layers of Your Network in Minutes
• Presentation
By Software Engineering Institute
In this presentation, Doug Burks discusses Security Onion, a free Linux distro for intrusion detection, network security monitoring, and log management.
Semantic Flow Augmentation for the Automated Discovery of Organizational Relationships
• Presentation
By Chris Strasburg (The Ames Laboratory)
In this presentation, the authors describe semantic flow augmentation, discuss its use and features, and present ideas for future work.
Setting up a Network Flow Sensor for $100
• Presentation
By Ron Bandes, John Badertscher, Dwight S. Beaver
This 2014 presentation describes how to build a network flow sensor using a PogoPlug server and ethernet adapter, a switch as a network tap, and a 16 GB flash drive.
Streaming Analysis: An Alternate Analysis Paradigm
• Presentation
By John McHugh
In this presentation, John McHugh discusses how streaming analytics relieves the volume of stored data and decreases threat reaction time.
Stucco: Situation and Threat Understanding by Correlating Contextual Observations
• Presentation
By John Gerth (Stanford University), John Goodall (Secure Decisions)
This 2014 presentation shows how Stucco puts security events in context and shows how threats relate to a cyber security analyst's environment.
The Rayon Tools: Visualization at the Command Line
• Poster
By Phil Groce
This poster, presented at FloCon 2014, shows how a Rayon visualization works well with the workflow model of UNIX and the shell.
The Routing Table Tool Suite (RT-Tools): Mapping the Internet One Route at a Time or All Routes at One Time
• Poster
By Timur D. Snoke
This poster describes the Routing Table Tool Suite (RT-Tools), which displays AS network traffic based on the path analysis of aggregate routing tables.
What Does "Big Data" Even Mean?
• Presentation
By Software Engineering Institute
In this presentation, Josh Goldfarb defines and discusses big data, and how we can best take advantage of it.
Visualization of Network Flow Data
• Poster
By Paul Krystosek
This poster, presented at FloCon 2014, introduces descriptive, retrospective analysis, and exploratory methods for visualizing data.
VoIP in Flow
• Presentation
By Nathan Dell
In this presentation, Nathan Dell discusses VoIP in flow, and presents an analysis of VoIP communications and a lab example of data exfiltration.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.