FloCon 2015 Collection
These presentations were given at FloCon 2015, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
These presentations were given at FloCon 2015, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
The theme of FloCon 2015 was "Formalizing the Art," and participants discussed the art of network analysis and how to make it more formal, rigorous, reliable, well-grounded, or repeatable. Participants also discussed academic advances in novel analytics and the operationalization and automation of well-known techniques.
Collection Contents
Flocon 2015 Welcome Talk
January 12, 2015 • Video
By Jonathan Spring
In this video, Jonathan Spring introduces FloCon 2015, which took place in Portland, Oregon in January 2015.
Advances in Semantically Augmented Flow Data for Dynamic Impact Assessment, Response Selection, and Alert Prioritization
January 12, 2015 • Presentation
By Nik Kinkel (The Ames Laboratory), Harris T. Lin (The Ames Laboratory), Chris Strasburg (The Ames Laboratory)
In this talk, the authors discuss strategies for optimizing the addition of semantic information to flow data to enable it to be used in real time.
Approaching Intelligent Analysis for Attribution and Tracking the Lifecycle of Threats
January 12, 2015 • Presentation
By Timur D. Snoke
In this presentation, Timur Snoke proposes combining the threat assessment native to the Cyber Kill Chain and the attribution capability of the Diamond model.
Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations
January 12, 2015 • Presentation
By Jesus Ramirez Pichardo (Banco de Mexico), Jesus Vazquez Gomez (Banco de Mexico)
In this presentation, the authors discuss Preventive Digital Forensics, which is a modification to traditional digital forensics methods.
Discrete Mathematical Approaches to Traffic Graph Analysis
January 12, 2015 • Presentation
By Cliff Joslyn (Pacific Northwest National Laboratory), Wendy Cowley (Pacific Northwest National Laboratory), Emilie Hogan (Pacific Northwest National Laboratory), Bryan Olsen (Pacific Northwest National Laboratory)
In this presentation, the authors discuss NetFlow multigraphs and graph statistics and provide characterizations of IP interaction during simulated attacks.
Elasticsearch, Logstash, and Kibana (ELK)
January 12, 2015 • Presentation
By Dwight S. Beaver, Sean Hutchison
In this presentation, the authors describe how they deployed ELK, the system architecture overview, and the operational analytics that ELK can create.
Encounter Complexes For Clustering Network Flow
January 12, 2015 • Presentation
By Leigh B. Metcalf
In this presentation, Leigh defines and demonstrates an encounter complex for analyzing network flow.
Enterprise Data Storage and Analysis on Apache Spark
January 12, 2015 • Presentation
By Tim Barr (Cray, Inc.)
In this presentation, Tim explores a formalized architecture utilizing Apache Spark to address data storage challenges.
Finding a Needle in a PCAP
January 12, 2015 • Presentation
By Emily Sarneso
In this presentation, Emily describes the available features in Yet Another Flowmeter (YAF) for indexing large PCAP files with flow.
Flow Storage Revisited: Is It Time to Re-Architect Flow Storage and Processing Systems?
January 12, 2015 • Presentation
By John McHugh
In this talk, John presents the results of experiments using a modest data set comprising on the order of a billion flow records.
Global Situational Awareness with Free Tools
January 12, 2015 • Video
By Dennis M. Allen
In this video, Dennis Allen shows how global situational awareness helps organizations get threat indicators, understand risks, and correlate events.
Graph Based Role Mining Techniques for Cyber Security
January 12, 2015 • Presentation
By Kiri Oler (Pacific Northwest National Laboratory), Sutanay Choudhury (Pacific Northwest National Laboratory)
In this talk, Kiri proposes tailoring existing role-mining techniques to enterprise networks where the network graph is derived from NetFlow data captured by the enterprise.
Increasing the Insight from Network Flows--Connecting Science to Operational Reality
January 12, 2015 • Presentation
By Grant Babb (Intel Corporation)
In this presentation, Grant outlines an approach that increases the insight that network flows can provide.
Indicator Expansion with Analysis Pipeline
January 12, 2015 • Presentation
By Daniel Ruef
In this presentation, given at FloCon 2015, Dan Ruef discusses indicator expansion.
Locality: A Semi-Formal Flow Dimension
January 12, 2015 • Presentation
By John Gerth (Stanford University)
In this talk, John Gerth discusses "locality," a semi-formal dimension of a flow derived from attributes of the address pairs.
Modeling the Active and Idle Durations of Network Hosts
January 12, 2015 • Presentation
By Soumyo D. Moitra
In this presentation, Soumyo discusses the distributions of active and idle durations of network hosts using flow data.
Monitoring Virtual Networks
January 12, 2015 • Presentation
By George Warnagiris
In this presentation, George Warnagiris describes implementations of three virtualized networks and examines trends in virtual networking.
Network Flow Analysis at SCinet
January 12, 2015 • Presentation
By Eric Dull (Yarc Data), Steven Reinhardt (Cray, Inc.)
In this presentation, the authors share the workflow and architecture of SC14 and outline plans for analytic improvement at SC15.
Network Flow Analysis in Information Security Strategy
January 12, 2015 • Presentation
By Timothy J. Shimeall
In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.
Semantic Representations of Network Flow: A Proposed Standard with the What, the Why, and the How
January 12, 2015 • Presentation
By Eric Dull (Yarc Data), Rachel Kartch, Robert Techentin (Mayo Clinic)
In this presentation, the authors discuss a proposed standard representation of network flow data, discuss RDF and SPARQL, give examples, and solicit feedback.
SSH Compromise Detection Using NetFlow/IPFIX
January 12, 2015 • Presentation
By Rick Hofstede (University of Twente), Luuk Hendriks (University of Twente)
In this presentation, the authors discuss IDS SSHCure, the first network-based IDS that detects whether an attack has resulted in a compromise.
Statistical Model for Simulation of Normal User Traffic
January 12, 2015 • Presentation
By Jan Stiborek (Cisco Systems, Inc.)
In this presentation, Jan proposes three techniques to generate NetFlow/IPFIX records that mimic the traffic of a real user.
StreamWorks – A System for Real-Time Graph Pattern Matching on Network Traffic
January 12, 2015 • Presentation
By George Chin (Pacific Northwest National Laboratory), Sutanay Choudhury (Pacific Northwest National Laboratory), Khushbu Agarwal (Pacific Northwest National Laboratory)
In this presentation, the authors describe the emerging graph pattern approach and the system design of StreamWorks and demonstrate its emerging threat detection capabilities.
Toa: A Web-Based NetFlow Data Network Monitoring System
January 12, 2015 • Presentation
By José R. Ortiz Ubarri (University of Puerto Rico), Humberto Ortiz-Zuazaga (University of Puerto Rico), Eric Santos (University of Puerto Rico), Albert Maldonado (University of Puerto Rico), Jhensen Grullon (University of Puerto Rico)
In this presentation, the authors discuss Toa, a web-based NetFlow data network monitoring system (NMS).
Using Vantage to Manage Complex Sensor Networks
January 12, 2015 • Presentation
By Michael Collins (RedJack)
In this talk, Michael Collins introduces a systematic methodology for analyzing the vantage of sensor systems.
Why to Measure: Economics and Data in Security Policy
January 12, 2015 • Video
By Allan Friedman (George Washington University)
In this video from FloCon 2015, Allan Friedman gives a keynote presentation titled "Why to Measure: Economics and Data in Security Policy."
Flocon 2015 Close-Out Talk
January 15, 2015 • Video
By Michael Jacobs
In this video, Mike Jacobs summarizes the presentations from FloCon 2015 and announces the date and location for FloCon 2016.