FloCon 2014 Collection
These presentations were given at FloCon 2014, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
These presentations, training slides, and posters were provided at FloCon 2014, an open conference that gives operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic and to showcase the next generation of flow-based analysis techniques.
FloCon 2014 took place at the Francis Marion Hotel in Charleston, South Carolina, on January 13-16, 2014. This open conference provided a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
Collection Contents
-
10 Years of FloCon
January 13, 2014 • Presentation
By George Warnagiris
In this presentation, George Warnagiris summarizes key events and discussions from the past 10 FloCon events.
-
A New Visualization for IPv4 Space
January 13, 2014 • Poster
By Leigh B. Metcalf
This poster was presented at FloCon 2014, a network security conference that took place in Charleston, South Carolina, in January 2014.
-
Advanced SiLK Analysis
January 13, 2014 • Presentation
By Geoffrey T. Sanders, Timothy J. Shimeall
In this presentation, Geoff Sanders and Tim Shimeall provide analysts with knowledge and skills to create, display, and use prefix maps.
-
PCR - A Flow Metric for the Producer/Consumer Relationship
January 13, 2014 • Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, Carter Bullard and John Gerth discuss data exfiltration and detection methods.
-
Analysis of Some Time-Series Metrics for Network Monitoring
January 13, 2014 • Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra presents a method and metrics for network situational awareness.
-
Analyzing Flow Using Encounter Complexes
January 13, 2014 • Presentation
By Leigh B. Metcalf
In this presentation, Leigh Metcalf discusses network flow clustering and the use of encounter traces to form encounter complexes.
-
Analyzing Large Flow Data Sets Using Modern Open-Source Data Search and Visualization Tools
January 13, 2014 • Presentation
By Max Putas (No Affiliation)
In this presentation, Max Putas describes using common and open source tools to perform flow data analysis.
-
Argus Instrumentation of the GLORIAD R&E Network for Improved Measurement, Monitoring and Security
January 13, 2014 • Presentation
By Greg Cole (GLORIAD)
In this presentation, Greg Cole describes the improved measurement, monitoring, and security at GLORIAD.
-
Argus with Netmap: Monitoring Traffic at 10Gbits/s Line Rate Using Commodity Hardware
January 13, 2014 • Presentation
By Harika Tandra
In this presentation, Harika Tandra discusses GLORIAD, a ring-of-rings fiber-optic network, and the GLORIAD-US deployment of Argus.
-
Bandwidth and End-to-End Delay Analysis of IP and End System Multicast (ESM)
January 13, 2014 • Poster
This poster describes the process to develop models for formalizing the end-to-end delay and the bandwidth efficiency of ESM and IP multicast systems.
-
Data Fusion at Scale
January 13, 2014 • Presentation
By Markus De Shon
In this presentation, Markus De Shon discusses data fusion, an automated network situation assessment process.
-
Discovering Unknown Network Activity Using Graphs and Computer Network Data
January 13, 2014 • Poster
By Eric Dull (Yarc Data)
This poster illustrates how to use broad, deep computer network data, statistics, and graph algorithms to identify and prioritize anomalous network activity.
-
Distributed Summary Statistics with Bro
January 13, 2014 • Presentation
By Vlad Grigorescu
In this presentation, the author discusses developing statistics that summarize network activity distributed over many sensors, while minimizing memory usage.
-
Finding Malicious Domains Using Shadow Server Reports
January 13, 2014 • Poster
By Brian Allen (US-CERT)
This poster, presented at FloCon 2014, discusses how to identify malicious domains using shadow server reports.
-
Investigating APT1
January 13, 2014 • Presentation
By Deana Shick, Angela Horneman
In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.
-
LogStash: Yes Logging Can Be Awesome
January 13, 2014 • Presentation
By James Turnbull (No Affiliation)
In this presentation, James Turnbull discusses how logging can be a core and critical part of your development and operations activities.
-
Network Analysis with SiLK
January 13, 2014 • Presentation
By Ron Bandes
In this presentation, Ron Bandes provides an introduction to SiLK, a collection of traffic analysis tools.
-
Network Flow Metadata: Very Large Scale Processing with Argus
January 13, 2014 • Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard defines network flow metadata and describes metadata support in Argus.
-
Network Flows, Past, Present and Future
January 13, 2014 • Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard discusses the history and future plans for network flow concepts.
-
Network Security Monitoring with IPFIX and Bro
January 13, 2014 • Presentation
By Randy Caldejon (No Affiliation)
In this presentation, Randy Caldejon discusses whether it's possible to create a framework for producing actionable intelligence with YAF and Bro.
-
Passive Detection of Misbehaving Name Servers
January 13, 2014 • Presentation
By Jonathan Spring, Leigh B. Metcalf
In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
-
Passive DNS Collection and Analysis - The "dnstap" Approach
January 13, 2014 • Presentation
By Dr. Paul Vixie
In this keynote presentation from FloCon 2014, Dr. Paul Vixie discusses passive DNS monitoring and dnstap, and demonstrates SIE and DNSDB.
-
PM WIN-T TMD Fight the Network (FTN) / FAVA
January 13, 2014 • Presentation
By Kevin Jacobs (U.S. Army)
In this presentation, Kevin Jacobs discusses FTN goals and its operational view, task details, and data fusion.
-
Quilt: A System for Distributed Temporal Queries of Security Relevant Heterogeneous Data
January 13, 2014 • Presentation
By Timothy J. Shimeall, George Jones
In this presentation, Tim Shimeall and George Jones describe Quilt, a distributed data query engine that allows for a broad range of data and that supports temporal relationships.
-
Security Onion: Peel Back the Layers of Your Network in Minutes
January 13, 2014 • Presentation
By Doug Burks
In this presentation, Doug Burks discusses Security Onion, a free Linux distro for intrusion detection, network security monitoring, and log management.
-
Semantic Flow Augmentation for the Automated Discovery of Organizational Relationships
January 13, 2014 • Presentation
By Chris Strasburg (U.S. Department of Energy)
In this presentation, the authors describe semantic flow augmentation, discuss its use and features, and present ideas for future work.
-
Setting up a Network Flow Sensor for $100
January 13, 2014 • Presentation
By Ron Bandes, John Badertscher, Dwight S. Beaver
This 2014 presentation describes how to build a network flow sensor using a PogoPlug server and Ethernet adapter, a switch as a network tap, and a 16 GB flash drive.
-
Streaming Analysis: An Alternate Analysis Paradigm
January 13, 2014 • Presentation
By John McHugh
In this presentation, John McHugh discusses how streaming analytics relieves the volume of stored data and decreases threat reaction time.
-
Stucco: Situation and Threat Understanding by Correlating Contextual Observations
January 13, 2014 • Presentation
By John Gerth (Stanford University), John Goodall (Secure Decisions)
This 2014 presentation shows how Stucco puts security events in context and shows how threats relate to a cyber security analyst's environment.
-
The Rayon Tools: Visualization at the Command Line
January 13, 2014 • Poster
By Phil Groce
This poster, presented at FloCon 2014, shows how a Rayon visualization works well with the workflow model of UNIX and the shell.
-
The Routing Table Tool Suite (RT-Tools): Mapping the Internet One Route at a Time or All Routes at One Time
January 13, 2014 • Poster
By Timur D. Snoke
This poster describes the Routing Table Tool Suite (RT-Tools), which displays AS network traffic based on the path analysis of aggregate routing tables.
-
What Does "Big Data" Even Mean?
January 13, 2014 • Presentation
By Joshua Goldfarb
In this presentation, Josh Goldfarb defines and discusses big data, and how we can best take advantage of it.
-
Visualization of Network Flow Data
January 13, 2014 • Poster
By Paul Krystosek
This poster, presented at FloCon 2014, introduces descriptive, retrospective analysis, and exploratory methods for visualizing data.
-
VoIP in Flow
January 13, 2014 • Presentation
By Nathan Dell
In this presentation, Nathan Dell discusses VoIP in flow, and presents an analysis of VoIP communications and a lab example of data exfiltration.