Flocon 2012 Collection
These presentations were given at Flocon 2012, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
These presentations, training slides, and posters were provided at FloCon 2012, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum. Participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus the host level, and discussing how well new flow-based analytical tools integrate into an analyst's workflow.
Collection Contents
Automatic Network Protection Scenarios Using NetFlow
January 9, 2012 • Presentation
By Vojtech Krmícek (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, Dawn Cappelli explains how to prevent insider threat sabotage.
Bruteforcing in the Shadows Evading Automated Detection
January 9, 2012 • Presentation
By Martin Drašar (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, the authors discuss netflow, bruteforce attacks, flow stretching, and intrusion detection.
Designing a 100% Flow Generator for High-Speed Networks from OC3 to 100GbE
January 9, 2012 • Presentation
By Stuart Wilson, Spencer Greene
In this presentation, the authors discuss the goals and results of designing a flow generator for high-speed networks.
Entropy in IP Darkspace Data
January 9, 2012 • Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes IP darkspace and the challenges associated with scanning, backscatter, and analyzing the data.
Flow Indexing: Making Queries Go Faster
January 9, 2012 • Presentation
By John McHugh
In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.
FlowIntegrator: Integrating Flow Technologies with Mainstream Event Management Systems
January 9, 2012 • Presentation
By Sasha Velednitsky
This presentation describes FlowIntegrator, a NetFlow/IPFIX Mediator that provides real-time integration of network metadata into various systems.
From Bandwidth to Beacon Detection, Prism and Touchpoints
January 9, 2012 • Presentation
By George Jones, Paul Krystosek, Sid Faber
In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.
Implementing Packet Dynamic Awareness in Argus
January 9, 2012 • Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, the authors discuss Argus and how they use packet dynamics in near-real-time cyber-situational awareness systems.
Indicator Expansion Techniques – Tracking Cyber Threats via DNS and Netflow Analysis
January 9, 2012 • Presentation
By Michael Jacobs (Department of Homeland Security)
In this presentation, Michael Jacobs describes how to use DNS and netflow analysis to track cyber threats.
Achieving Real Real-Time Context-Based Actionable Intelligence in Cyber Investigations
January 9, 2012 • Presentation
By Joel Ebrahimi (Bivio Networks)
In this presentation, given at FloCon 2012, Joel Ebrahimi describes investigations in cyberspace and provides an overview of related tools.
Lessons Learned from 10 Years of Network Analysis R&D for Defense and Intel Customers
January 9, 2012 • Presentation
By Thayne Coffman
In this presentation, Thayne Coffman discusses the need for tools that enable flexible workflows and run mid-complexity analytics.
Measurement for Cooperative Network Defense: DEMONS and BlockMon
January 9, 2012 • Presentation
By Brian Trammell
This presentation describes tools that address monitoring approaches and software to build flexible monitoring and data analysis nodes.
Monitoring Trends in Network Flow for Situational Awareness
January 9, 2012 • Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra discusses the role that network monitoring plays in network security and network situational awareness.
Network Profiling with SiLK
January 9, 2012 • Presentation
By George Jones, Austin Whisnant
This presentation describes how to use SiLK to create an inventory of assets on a network and their characteristics and associated purposes.
Network Situational Displays from Network Flow Data
January 9, 2012 • Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the difficulties and goals associated with network flow data displays.
Real Time Situational Awareness Using Argus
January 9, 2012 • Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard describes Argus, a network utilization audit system.
Teaching Flow Analysis with Live Flow Data
January 9, 2012 • Presentation
By Alex Musicante, John Dwyer (Carnegie Mellon University), Sid Faber
In this presentation, the authors describe a partnership with the City of Pittsburgh and Carnegie Mellon to use live flow data to teach flow analysis.
The UberData Source: Holy Grail or Final Fantasy?
January 9, 2012 • Presentation
By Josh Goldfarb (MITS Cybersecurity)
In this presentation, Josh Goldfarb discusses the challenges of complex network instrumentation/data collection and how data overloads IRC and SOC organizations.
The Use of Search Engines for Massively Scalable Forensic Repositories
January 9, 2012 • Presentation
By John H. Ricketson
In this presentation, John Ricketson describes a forensic platform for cyber investigations that is based on search engine technology.
US-CERT: Netflow Visualization
January 9, 2012 • Presentation
By Aaron Bossert (US-CERT), Jerry Derrick (US-CERT)
In this presentation, the authors describe how US-CERT approaches network visualization.
Using Flow for Municipal Planning: Political, Economic, Social and Technical Contexts of the City of Pittsburgh
January 9, 2012 • Presentation
By John Badertscher (Heinz College at Carnegie Mellon University)
In this 2012 presentation, John Badertscher discusses how the use of flow data for municipal planning and workforce development can be exploited further.
Using Layer 7 Metadata to Augment Flow Analysis
January 9, 2012 • Presentation
By Tim Ray (21CT)
In this presentation, Tim Ray describes the current state and future of network analysis.
Visualizing Traffic on Network Topology
January 9, 2012 • Presentation
By Kazunori Kamiya (NTT Corporation), Hiroshi Kurakami (NTT Corporation)
In this presentation, the authors describe a method of visualizing traffic and topology and provide related examples and use cases.