FloCon 2023 Assets
• Collection
Publisher
Software Engineering Institute
Abstract
FloCon 2023 was hosted by the Software Engineering Institute (SEI) and held in Santa Fe, NM on January 9-12, 2023. FloCon centers on improving network security by analyzing a variety of data supported by innovative machine learning, hardware, and network storage.
We now collect enormous amounts of data from our systems. How can we apply the power of scalable analytics to this large-scale data to protect our systems from cyber threats—both internal and external? FloCon 2023’s theme, Situational Awareness: Beyond the Network, focuses on using these analytics to safeguard organizations and networks.
Find presentations and posters from FloCon 2023 below.
Collection Items
DeCypher: Cyber Knowledge Graph Queries Expressed through Natural Language
• Presentation
By Steven Noel (MITRE)
This session focuses on DeCypher, which represents the first known approach to natural language processing for constructing graph database queries for cyber situational understanding.
IPFIX and DPI Information in a Big Data Environment
• Presentation
By Katherine Prevost, Timothy J. Shimeall
This presentation describes several tools for processing IPFIX flow data with DPI details.
Taranis NG - A New Tool for OSINT Analysis
• Presentation
By Milan Pikula (National Cyber Security Centre)
This presentation describes how to process raw OSINT sources into actionable vulnerability advisories, threat intel, and more, using a recently released open-source tool.
DIB-VDP Pilot - Trail Blazers!
• Presentation
By Melissa Vice (DoD Cyber Crime Center)
This talk presents significant outcomes that affect the nation's Defense Industrial Base (DIB).
Practical GAN-based Synthetic IP Header Trace Generation using NetShare
• Presentation
By Yucheng Yin (Carnegie Mellon University)
This presentation describes using Generative Adversarial Networks (GANs) to automatically learn generative models that produce synthetic packet and flow header traces for networking tasks.
Knowledge Graphs for Security: Past, Present, and Future
• Presentation
By Scott Mongeau (SAS)
This session describes the core value propositions of knowledge graphs (KGs).
Anomaly Detection on Devices DNS Queries Using Deep Learning
• Presentation
By Fatemeh Riahi (Infoblox)
This talk describes a lightweight DNS anomaly detection system that employs a deep learning method on DNS traffic to characterize network devices.
Combating Disinformation in DNS and Beyond
• Presentation
By Blake Anderson (Cisco Systems, Inc.)
This presentation describes commonly employed evasion strategies that attempt to erode the value of domain name-based indicators of compromise, including domain fronting, domain faking, and residential proxying.
Detecting DNS Tunneling Using Behavioral and Content Metadata Features
• Presentation
By Darin Johnson (Infoblox)
This talk describes new work emphasizing a reduction in false positives when detecting and countering DNS tunneling.
Guppy: A Scalable Security Data Lake
• Presentation
By Faisal Alghamdi (Saudi Aramco), Hafiz Farooq (Saudi Aramco)
This session explains a generic and scalable Security Data Lake framework that is tuned to handle all types of security data.
Efficiently Standing Up a Cloud-Based Cybersecurity Data Lake with Minimal Resourcing
• Presentation
By Rosalie Bakken (Mayo Clinic)
This presentation highlights a quick and efficient approach to build a cybersecurity data lake, incorporating data that are unique to an organization, and providing coverage that is entirely flexible.
Large Scale Data Preparation for Machine Learning Models
• Presentation
By Matthew Spitzer (Mayo Clinic)
This talk describes one methodology that has been applied to the preparation of large-scale data in support of ML modeling activities.
QUIC Fixes for Network Security Monitoring
• Presentation
By David McGrew (Cisco Systems, Inc.)
This presentation describes the QUIC protocol, how it is currently used, how it facilitates some evasive network behaviors, and how it is possible to extract some useful metadata from the …
MRI for the Cloud Workloads: How Network Data Can Power Visibility, Detection, and Response Programs for Securing Cloud Workloads
• Presentation
By Edward Wu (ExtraHop Networks)
In this talk, we explore how network data can be utilized to provide visibility and ultimately secure cloud workloads.
Data-Driven Detection Using PySpark
• Presentation
By Markus De Shon (Google)
This session discusses the underlying Python framework we've built for our own operational needs and are releasing to the public.
(Attempting to) Automate the Diamond Model
• Presentation
By Teresa Chila (Chevron)
This talk presents a framework for automating some of the tasks in the Diamond Model for Intrusion Analysis.
Striking the Balance: Measuring and Managing the Complexity of Cyber Environments
• Presentation
By Brett Tucker
This presentation proposes and explores a novel means to measure cyber environment complexity.
Cyber Precog - A GPU Platform for Better Enabling AI/ML at the Edge
• Poster
By Colin Friedman (Booz Allen Hamilton)
This poster describes Cyber Precog, a GPU-enabled software and data engineering platform that brings operationally honed cyber tooling and a modular pipeline for rapid capability deployment.
DevSecOps and Traffic Analysis
• Poster
By Timothy A. Chick, Brent Frye
This poster explains an authoritative reference model for DevSecOps, the Platform Independent Model (PIM).
Leveraging Disparate Enterprise Data for Cybersecurity Purposes
• Poster
By Rosalie Bakken (Mayo Clinic), Matthew Spitzer (Mayo Clinic)
This poster describes a data lake poised to address the most pressing cybersecurity use cases expeditiously and efficiently.
Unexpected Outbound Protocol (UNX-OBP)
• Poster
By Sean Hutchison
This poster describes the Unexpected Outbound Protocol (UNX-OBP) capability.
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.