FloCon 2015 Collection

These presentations were given at FloCon 2015, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

These presentations were given at FloCon 2015, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.

The theme of FloCon 2015 was "Formalizing the Art," and participants discussed the art of network analysis and how to make it more formal, rigorous, reliable, well-grounded, or repeatable. Participants also discussed academic advances in novel analytics and the operationalization and automation of well-known techniques.

FloCon 2015 Welcome Talk

January 2015

In this video, Jonathan Spring introduces FloCon 2015, which took place in Portland, Oregon in January 2015.

Advances in Semantically Augmented Flow Data for Dynamic Impact Assessment, Response Selection, and Alert Prioritization

January 2015

In this talk, the authors discuss strategies for optimizing the addition of semantic information to flow data to enable it to be used in real time.

Approaching Intelligent Analysis for Attribution and Tracking the Lifecycle of Threats

January 2015

In this presentation, Timur Snoke proposes combining the threat assessment native to the Cyber Kill Chain and the attribution capability of the Diamond model.

Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations

January 2015

In this presentation, the authors discuss Preventive Digital Forensics, which is a modification to traditional digital forensics methods.

Discrete Mathematical Approaches to Traffic Graph Analysis

January 2015

In this presentation, the authors discuss NetFlow multigraphs and graph statistics and provide characterizations of IP interaction during simulated attacks.

Elasticsearch, Logstash, and Kibana (ELK)

January 2015

In this presentation, the authors describe how they deployed ELK, the system architecture overview, and the operational analytics that ELK can create.

Encounter Complexes For Clustering Network Flow

January 2015

In this presentation, Leigh defines and demonstrates an encounter complex for analyzing network flow.

Enterprise Data Storage and Analysis on Apache Spark

January 2015

In this presentation, Tim explores a formalized architecture utilizing Apache Spark to address data storage challenges.

Finding a Needle in a PCAP

January 2015

In this presentation, Emily describes the available features in Yet Another Flowmeter (YAF) for indexing large PCAP files with flow.

Flow Storage Revisited: Is It Time to Re-Architect Flow Storage and Processing Systems?

January 2015

In this talk, John presents the results of experiments using a modest data set comprising on the order of a billion flow records.

Global Situational Awareness with Free Tools

January 2015

In this video, Dennis Allen shows how global situational awareness helps organizations get threat indicators, understand risks, and correlate events.

Graph Based Role Mining Techniques for Cyber Security

January 2015

In this talk, Kiri proposes tailoring existing role-mining techniques to enterprise networks where the network graph is derived from NetFlow data captured by the enterprise.

Increasing the Insight from Network Flows--Connecting Science to Operational Reality

January 2015

In this presentation, Grant outlines an approach that increases the insight that network flows can provide.

Indicator Expansion with Analysis Pipeline

January 2015

In this presentation, given at FloCon 2015, Dan Ruef discusses indicator expansion.

Locality: A Semi-Formal Flow Dimension

January 2015

In this talk, John Gerth discusses "locality," a semi-formal dimension of a flow derived from attributes of the address pairs.

Modeling the Active and Idle Durations of Network Hosts

January 2015

In this presentation, Soumyo discusses the distributions of active and idle durations of network hosts using flow data.

Monitoring Virtual Networks

January 2015

In this presentation, George Warnagiris describes implementations of three virtualized networks and examines trends in virtual networking.

Network Flow Analysis at SCinet

January 2015

In this presentation, the authors share the workflow and architecture of SC14 and outline plans for analytic improvement at SC15.

Network Flow Analysis in Information Security Strategy

January 2015

In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.

Semantic Representations of Network Flow: A Proposed Standard with the What, the Why, and the How

January 2015

In this presentation, the authors discuss a proposed standard representation of network flow data, discuss RDF and SPARQL, give examples, and solicit feedback.

SSH Compromise Detection Using NetFlow/IPFIX

January 2015

In this presentation, the authors discuss IDS SSHCure, the first network-based IDS that detects whether an attack has resulted in a compromise.

Statistical Model for Simulation of Normal User Traffic

January 2015

In this presentation, Jan proposes three techniques to generate NetFlow/IPFIX records that mimic the traffic of a real user.

StreamWorks – A System for Real-Time Graph Pattern Matching on Network Traffic

January 2015

In this presentation, the authors describe the emerging graph pattern approach and the system design of StreamWorks and demonstrate its emerging threat detection capabilities.

Toa: A Web-Based NetFlow Data Network Monitoring System

January 2015

In this presentation, the authors discuss Toa, a web-based NetFlow data network monitoring system (NMS).

Using Vantage to Manage Complex Sensor Networks

January 2015

In this talk, Michael Collins introduces a systematic methodology for analyzing the vantage of sensor systems.

Why to Measure: Economics and Data in Security Policy

January 2015

In this video from FloCon 2015, Allan Friedman gives a keynote presentation titled "Why to Measure: Economics and Data in Security Policy."

FloCon 2015 Close-Out Talk

January 2015

In this video, Mike Jacobs summarizes the presentations from FloCon 2015 and announces the date and location for FloCon 2016.