FloCon 2023 Assets
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
FloCon 2023 was hosted by the Software Engineering Institute (SEI) and held in Santa Fe, NM on January 9-12, 2023. FloCon centers on improving network security by analyzing a variety of data supported by innovative machine learning, hardware, and network storage.
We now collect enormous amounts of data from our systems. How can we apply the power of scalable analytics to this large-scale data to protect our systems from cyber threats—both internal and external? FloCon 2023’s theme, Situational Awareness: Beyond the Network, focuses on using these analytics to safeguard organizations and networks.
Find presentations and posters from FloCon 2023 below.
Collection Items
DeCypher: Cyber Knowledge Graph Queries Expressed through Natural Language
• Presentation
By Steven Noel (MITRE)
This session focuses on DeCypher, which represents the first known approach to natural language processing for constructing graph database queries for cyber situational understanding.
Learn More
IPFIX and DPI Information in a Big Data Environment
• Presentation
By Katherine Prevost, Timothy J. Shimeall
This presentation describes several tools for processing IPFIX flow data with DPI details.
Learn More
Taranis NG - A New Tool for OSINT Analysis
• Presentation
By Milan Pikula (National Cyber Security Centre)
This presentation describes how to process raw OSINT sources into actionable vulnerability advisories, threat intel, and more, using a recently released open-source tool.
Learn More
DIB-VDP Pilot - Trail Blazers!
• Presentation
By Melissa Vice (DoD Cyber Crime Center)
This talk presents significant outcomes that affect the nation's Defense Industrial Base (DIB).
Learn More
Practical GAN-based Synthetic IP Header Trace Generation using NetShare
• Presentation
By Yucheng Yin (Carnegie Mellon University)
This presentation describes using Generative Adversarial Networks (GANs) to automatically learn generative models to generate synthetic packet- and flow header traces for networking tasks.
Learn More
Knowledge Graphs for Security: Past, Present, and Future
• Presentation
By Scott Mongeau (SAS)
This session describes the core value propositions of knowledge graphs (KGs).
Learn More
Anomaly Detection on Devices DNS Queries Using Deep Learning
• Presentation
By Fatemeh Riahi (Infoblox)
This talk describes a lightweight DNS anomaly detection system that employs a deep learning method on DNS traffic to characterize network devices.
Learn More
Combating Disinformation in DNS and Beyond
• Presentation
By Blake Anderson (Cisco Systems, Inc.)
This presentation describes commonly employed evasion strategies that attempt to erode the value of domain name-based indicators of compromise, including domain fronting, domain faking, and residential proxying.
Learn More
Detecting DNS Tunneling Using Behavioral and Content Metadata Features
• Presentation
By Darin Johnson (Infoblox)
This talk describes new work emphasizing a reduction in false positives when using DNS tunneling to detect and counter.
Learn More
Guppy: A Scalable Security Data Lake
• Presentation
By Faisal Alghamdi (Saudi Aramco), Hafiz Farooq (Saudi Aramco)
This session explains a generic and scalable Security Data Lake framework that is tuned to handle all types of security data.
Learn More
Efficiently Standing Up a Cloud-Based Cybersecurity Data Lake with Minimal Resourcing
• Presentation
By Rosalie Bakken (Mayo Clinic)
This presentation highlights a quick and efficient approach to build a cybersecurity data lake, incorporating data that are unique to an organization, and providing coverage that is entirely flexible.
Learn More
Large Scale Data Preparation for Machine Learning Models
• Presentation
By Matthew Spitzer (Mayo Clinic)
This talk describes one methodology that has been applied to the preparation of large-scale data in support of ML modeling activities.
Learn More
QUIC Fixes for Network Security Monitoring
• Presentation
By David McGrew (Cisco Systems, Inc.)
This presentation describes the QUIC protocol, how it is currently used, how it facilitates some evasive network behaviors, and how it is possible to extract some useful metadata from the …
Learn More
MRI for the Cloud Workloads: How Network Data Can Power Visibility, Detection, and Response Programs for Securing Cloud Workloads
• Presentation
By Edward Wu (ExtraHop Networks)
In this talk, we explore how network data can be utilized to provide visibility and ultimately secure cloud workloads.
Learn More
Data-Driven Detection Using PySpark
• Presentation
By Markus De Shon (Google)
This session discusses the underlying Python framework we've built for our own operational needs and are releasing to the public.
Learn More
(Attempting to) Automate the Diamond Model
• Presentation
By Teresa Chila (Chevron)
This talk presents a framework for automating some of the tasks in the Diamond Model for Intrusion Analysis.
Learn More
Striking the Balance: Measuring and Managing the Complexity of Cyber Environments
• Presentation
By Brett Tucker
This presentation proposes and explores a novel means to measure cyber environment complexity.
Learn More
Cyber Precog - A GPU Platform for Better Enabling AI/ML at the Edge
• Poster
By Colin Friedman (Booz Allen Hamilton)
This poster describes Cyber Precog, a GPU-enabled software and data engineering platform that brings operationally honed cyber tooling and a modular pipeline for rapid capability deployment.
Download
DevSecOps and Traffic Analysis
• Poster
By Timothy A. Chick, Brent Frye
This poster explains an authoritative reference model for DevSecOps, the Platform Independent Model (PIM).
Download
Leveraging Disparate Enterprise Data for Cybersecurity Purposes
• Poster
By Rosalie Bakken (Mayo Clinic), Matthew Spitzer (Mayo Clinic)
This poster describes a data lake poised to address the most pressing cybersecurity use cases expeditiously and efficiently.
Download
Unexpected Outbound Protocol (UNX-OBP)
• Poster
By Sean Hutchison
This poster describes the Unexpected Outbound Protocol (UNX-OBP) capability.
DownloadThis content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.