Flocon 2012 Collection
• Collection
Publisher
Software Engineering Institute
Subjects
Abstract
These presentations, training slides, and posters were provided at FloCon 2012, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum, and participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus host level, and discussing how well new flow-based analytical tools integrate into an analysts workflow.
Collection Items
Automatic Network Protection Scenarios Using NetFlow
• Presentation
By Vojtech Krmícek (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, Dawn Cappelli explains how to prevent insider threat sabotage.
Learn More
Bruteforcing in the Shadows Evading Automated Detection
• Presentation
By Martin Drašar (Masaryk University), Jan Vykopal (Masaryk University)
In this presentation, the authors discuss netflow, bruteforce attacks, flow stretching, and intrusion detection.
Learn More
Designing a 100% Flow Generator for High-Speed Networks from OC3 to 100GbE
• Presentation
By Software Engineering Institute
In this presentation, the authors discuss the goals and results of designing a flow generator for high-speed networks.
Learn More
Entropy in IP Darkspace Data
• Presentation
By Tanja Zseby (Fraunhofer Fokus)
In this presentation, Tanja Zseby describes IP darkspace and the challenges associated with scanning, backscatter, and analyzing the data.
Learn More
Flow Indexing: Making Queries Go Faster
• Presentation
By John McHugh
In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.
Learn More
FlowIntegrator: Integrating Flow Technologies with Mainstream Event Management Systems
• Presentation
By Sasha Velednitsky
This presentation describes FlowIntegrator, a NetFlow/IPFIX Mediator that provides real-time integration of network metadata into various systems.
Learn More
From Bandwidth to Beacon Detection, Prism and Touchpoints
• Presentation
By George Jones, Paul Krystosek, Sid Faber
In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.
Learn More
Implementing Packet Dynamic Awareness in Argus
• Presentation
By Carter Bullard (QuSient LLC), John Gerth (Stanford University)
In this presentation, the authors discuss Argus and how they use packet dynamics in near-real-time cyber-situational awareness systems.
Learn More
Indicator Expansion Techniques –Tracking Cyber Threats via DNS and Netflow Analysis
• Presentation
By Michael Jacobs
In this presentation, Michael Jacobs describes how to use DNS and netflow analysis to track cyber threats.
Learn More
Achieving Real Real-Time Context-Based Actionable Intelligence in Cyber Investigations
• Presentation
By Joel Ebrahimi (Bivio Networks)
In this presentation, given at FloCon 2012, Joel Ebrahimi describes investigations in cyberspace and provides an overview of related tools.
Learn More
Lessons Learned from 10 Years of Network Analysis R&D for Defense and Intel Customers
• Presentation
By Thayne Coffman
In this presentation, Thayne Coffman discusses the need for tools that enable flexible workflows and run mid-complexity analytics.
Learn More
Measurement for Cooperative Network Defense: DEMONS and BlockMon
• Presentation
By Brian Trammell
This presentation describes tools that address monitoring approaches and software to build flexible monitoring and data analysis nodes.
Learn More
Monitoring Trends in Network Flow for Situational Awareness
• Presentation
By Soumyo D. Moitra
In this presentation, Soumyo Moitra discusses the role that network monitoring plays in network security and network situational awareness.
Learn More
Network Profiling with SiLK
• Presentation
By George Jones, Austin Whisnant
This presentation describes how to use SiLK to create an inventory of assets on a network and their characteristics and associated purposes.
Learn More
Network Situational Displays from Network Flow Data
• Presentation
By Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the difficulties and goals associated with network flow data displays.
Learn More
Real Time Situational Awareness Using Argus
• Presentation
By Carter Bullard (QuSient LLC)
In this presentation, Carter Bullard describe Argus, a network utilization audit system.
Learn More
Teaching Flow Analysis with Live Flow Data
• Presentation
By John Dwyer (Carnegie Mellon University), Sid Faber
In this presentation, the authors describe a partnership with the City of Pittsburgh and Carnegie Mellon to use live flow data to teach flow analysis.
Learn More
The UberData Source: Holy Grail or Final Fantasy?
• Presentation
By Josh Goldfarb (US-CERT)
In this presentation, Josh Goldfarb discusses the challenges of complex network instrumentation/data collection and how data overloads IRC and SOC organizations.
Learn More
The Use of Search Engines for Massively Scalable Forensic Repositories
• Presentation
By John H. Ricketson
In this presentation, John Ricketson describes a forensic platform for cyber investigations that is based on search engine technology.
Learn More
US-CERT: Netflow Visualization
• Presentation
By Aaron Bossert (US-CERT), Jerry Derrick (US-CERT)
In this presentation, the authors describe how US-CERT approaches network visualization.
Learn More
Using Flow for Municipal Planning: Political, Economic, Social and Technical Contexts of the City of Pittsburgh
• Presentation
By John Badertscher
In this 2012 presentation, John Badertscher discusses how flow's use relevant to municipal planning and workforce development can be exploited further.
Learn More
Using Layer 7 Metadata to Augment Flow Analysis
• Presentation
By Tim Ray (21CT)
In this presentation, Tim Ray describes the current state and future of network analysis.
Learn More
Visualizing Traffic on Network Topology
• Presentation
By Kazunori Kamiya (NTT Corporation), Hiroshi Kurakami (NTT Corporation)
In this presentation, the authors describe a method of visualizing traffic and topology and provide related examples and use cases.
Learn MoreThis content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.