FloCon 2018 Presentations
• Collection
Publisher
Software Engineering Institute
Subjects
Abstract
These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Collection Items

Big Data Platform
• Presentation
By Software Engineering Institute
In this presentation, the author discusses the evolution of the Big Data Platform, examples of how it is being used today, and key lessons learned in its development.
Learn More
Creating & Sharing Value with Network Activity &Threat Correlation
• Presentation
By Dr. Jamison Day (Looking Glass)
In this presentation, the author examines the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return …
Learn More
Anomaly Detection in Cyber Networks using Graph-node Role-dynamics and NetFlow Bayesian Normalcy Modeling
• Presentation
By Anthony Palladino (Boston Fusion Corporation), Andrew Spisak (Boston Fusion Corporation), Christopher Thissen (Boston Fusion Corporation)
In the presentation, the author describes a novel approach to cyber-anomaly detection. The method includes multi-modal data fusion, advanced graph-based analytics, and Bayesian normalcy modeling.
Learn More
When Threat Hunting Fails: Identifying Malvertising Domains Using Lexical Clustering
• Presentation
By Matt Foley (Cisco Systems, Inc.), David Rodriguez (Cisco Systems, Inc.), Dhia Mahjoub (OpenDNS)
In this presentation, the authors discuss the current malvertising threat landscape: ad networks, exchanges, exploits, and popular infection points.
Learn More
Optimal Machine Learning Algorithms
• Presentation
By Hafiz Farooq (Saudi Aramco)
This research paper allows SOC individuals to understand how to use machine learning algorithms optimally in order to complement existing conventional threat hunting capabilities.
Learn More
Analysis of DNS Traffic on the Network EDGE, and In Motion
• Presentation
By Fred Stringer (AT&T Chief Security Organization)
In this presentation, the author describes cyber analysis of DNS traffic at the Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes.
Learn More
Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference
• Presentation
By Emily Heath (Mitre), Eric Harley (Mitre)
In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.
Learn More
InSight2: An Interactive Web-Based Platform for Modeling and Analysis of Large-Scale Argus Network Flow Data
• Presentation
By Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), J.T. Liso (The University of Tennessee Knoxville)
In this presentation, the authors discuss InSight2, an interactive web-based platform for modeling and analysis of large scale argus network flow data.
Learn More
Identification of Malicious SSL Networks by Subgraph Anomaly Detection
• Presentation
By Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS)
In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
Learn More
Threat Hunting for Lateral Movement
• Presentation
By Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl)
In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science …
Learn More