FloCon 2015 Collection
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations were given at FloCon 2015, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
The theme of FloCon 2015 was "Formalizing the Art," and participants discussed the art of network analysis and how to make it more formal, rigorous, reliable, well-grounded, or repeatable. Participants also discussed academic advances in novel analytics and the operationalization and automation of well-known techniques.
Collection Items
Flocon 2015 Welcome Talk
• Video
By Jonathan Spring
In this video, Jonathan Spring introduces FloCon 2015, which took place in Portland, Oregon in January 2015.
Advances in Semantically Augmented Flow Data for Dynamic Impact Assessment, Response Selection, and Alert Prioritization
• Presentation
By Nik Kinkel (The Ames Laboratory), Harris T. Lin (The Ames Laboratory), Chris Strasburg (The Ames Laboratory)
In this talk, the authors discuss strategies for optimizing the addition of semantic information to flow data to enable it to be used in real time.
Approaching Intelligent Analysis for Attribution and Tracking the Lifecycle of Threats
• Presentation
By Timur D. Snoke
In this presentation, Timur Snoke proposes combining the threat assessment native to the Cyber Kill Chain and the attribution capability of the Diamond model.
Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations
• Presentation
By Jesus Ramirez Pichardo (Banco de Mexico), Jesus Vazquez Gomez (Banco de Mexico)
In this presentation, the authors discuss Preventive Digital Forensics, which is a modification to traditional digital forensics methods.
Discrete Mathematical Approaches to Traffic Graph Analysis
• Presentation
By Cliff Joslyn (Pacific Northwest National Laboratory), Wendy Cowley (Pacific Northwest National Laboratory), Emilie Hogan (Pacific Northwest National Laboratory), Bryan Olsen (Pacific Northwest National Laboratory)
In this presentation, the authors discuss NetFlow multigraphs and graph statistics and provide characterizations of IP interaction during simulated attacks.
Elasticsearch, Logstash, and Kibana (ELK)
• Presentation
By Dwight S. Beaver, Sean Hutchison
In this presentation, the authors describe how they deployed ELK, the system architecture overview, and the operational analytics that ELK can create.
Encounter Complexes For Clustering Network Flow
• Presentation
By Leigh B. Metcalf
In this presentation, Leigh defines and demonstrates an encounter complex for analyzing network flow.
Enterprise Data Storage and Analysis on Apache Spark
• Presentation
By Tim Barr (Cray, Inc.)
In this presentation, Tim explores a formalized architecture utilizing Apache Spark to address data storage challenges.
Finding a Needle in a PCAP
• Presentation
By Emily Sarneso
In this presentation, Emily describes the available features in Yet Another Flowmeter (YAF) for indexing large PCAP files with flow.
Flow Storage Revisited: Is It Time to Re-Architect Flow Storage and Processing Systems?
• Presentation
By John McHugh
In this talk, John presents the results of experiments using a modest data set comprising on the order of a billion flow records.
Global Situational Awareness with Free Tools
• Video
By Dennis M. Allen
In this video, Dennis Allen shows how global situational awareness helps organizations get threat indicators, understand risks, and correlate events.
Graph Based Role Mining Techniques for Cyber Security
• Presentation
By Kiri Oler (Pacific Northwest National Laboratory), Sutanay Choudhury (Pacific Northwest National Laboratory)
In this talk, Kiri proposes tailoring existing role-mining techniques to enterprise networks where the network graph is derived from NetFlow data captured by the enterprise.
Increasing the Insight from Network Flows--Connecting Science to Operational Reality
• Presentation
By Grant Babb (Intel Corporation)
In this presentation, Grant outlines an approach that increases the insight that network flows can provide.
Indicator Expansion with Analysis Pipeline
• Presentation
By Daniel Ruef
In this presentation, given at FloCon 2015, Dan Ruef discusses indicator expansion.
Locality: A Semi-Formal Flow Dimension
• Presentation
By John Gerth (Stanford University)
In this talk, John Gerth discusses "locality," a semi-formal dimension of a flow derived from attributes of the address pairs.
Modeling the Active and Idle Durations of Network Hosts
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo discusses the distributions of active and idle durations of network hosts using flow data.
Monitoring Virtual Networks
• Presentation
By George Warnagiris
In this presentation, George Warnagiris describes implementations of three virtualized networks and examines trends in virtual networking.
Network Flow Analysis at SCinet
• Presentation
By Eric Dull (Yarc Data), Steven Reinhardt (Cray, Inc.)
In this presentation, the authors share the workflow and architecture of SC14 and outline plans for analytic improvement at SC15.
Network Flow Analysis in Information Security Strategy
• Presentation
By Timothy J. Shimeall
In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.
Semantic Representations of Network Flow: A Proposed Standard with the What, the Why, and the How
• Presentation
By Eric Dull (Yarc Data), Rachel Kartch, Robert Techentin (Mayo Clinic)
In this presentation, the authors discuss a proposed standard representation of network flow data, discuss RDF and SPARQL, give examples, and solicit feedback.
SSH Compromise Detection Using NetFlow/IPFIX
• Presentation
By Rick Hofstede (University of Twente), Luuk Hendriks (University of Twente)
In this presentation, the authors discuss SSHCure, the first network-based IDS that detects whether an attack has resulted in a compromise.
Statistical Model for Simulation of Normal User Traffic
• Presentation
By Jan Stiborek (Cisco Systems, Inc.)
In this presentation, Jan proposes three techniques to generate NetFlow/IPFIX records that mimic the traffic of a real user.
StreamWorks – A System for Real-Time Graph Pattern Matching on Network Traffic
• Presentation
By George Chin (Pacific Northwest National Laboratory), Sutanay Choudhury (Pacific Northwest National Laboratory), Khushbu Agarwal (Pacific Northwest National Laboratory)
In this presentation, the authors describe the emerging graph pattern approach and the system design of StreamWorks and demonstrate its emerging threat detection capabilities.
Toa: A Web-Based NetFlow Data Network Monitoring System
• Presentation
By José R. Ortiz Ubarri (University of Puerto Rico), Humberto Ortiz-Zuazaga (University of Puerto Rico), Eric Santos (University of Puerto Rico), Albert Maldonado (University of Puerto Rico), Jhensen Grullon (University of Puerto Rico)
In this presentation, the authors discuss Toa, a web-based NetFlow data network monitoring system (NMS).
Using Vantage to Manage Complex Sensor Networks
• Presentation
By Michael Collins
In this talk, Michael Collins introduces a systematic methodology for analyzing the vantage of sensor systems.
Why to Measure: Economics and Data in Security Policy
• Video
By Allan Friedman (George Washington University)
In this video from FloCon 2015, Allan Friedman gives a keynote presentation titled "Why to Measure: Economics and Data in Security Policy."
Flocon 2015 Close-Out Talk
• Video
By Michael Jacobs
In this video, Mike Jacobs summarizes the presentations from FloCon 2015 and announces the date and location for FloCon 2016.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.