search menu icon-carat-right cmu-wordmark

Flocon 2012 Collection

These presentations were given at Flocon 2012, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

These presentations, training slides, and posters were provided at FloCon 2012, an open conference that provides operational network analysts, tool developers, and researchers a forum to discuss the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum, and participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus host level, and discussing how well new flow-based analytical tools integrate into an analysts workflow.

Automatic Network Protection Scenarios Using NetFlow

January 2012

In this presentation, Dawn Cappelli explains how to prevent insider threat sabotage.

Bruteforcing in the Shadows Evading Automated Detection

January 2012

In this presentation, the authors discuss netflow, bruteforce attacks, flow stretching, and intrusion detection.

Designing a 100% Flow Generator for High-Speed Networks from OC3 to 100GbE

January 2012

In this presentation, the authors discuss the goals and results of designing a flow generator for high-speed networks.

Entropy in IP Darkspace Data

January 2012

In this presentation, Tanja Zseby describes IP darkspace and the challenges associated with scanning, backscatter, and analyzing the data.

Flow Indexing: Making Queries Go Faster

January 2012

In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.

FlowIntegrator: Integrating Flow Technologies with Mainstream Event Management Systems

January 2012

This presentation describes FlowIntegrator, a NetFlow/IPFIX Mediator that provides real-time integration of network metadata into various systems.

From Bandwidth to Beacon Detection, Prism and Touchpoints

January 2012

In this presentation, given at FloCon 2012, the authors provide an overview of beacon detection.

Implementing Packet Dynamic Awareness in Argus

January 2012

In this presentation, the authors discuss Argus and how they use packet dynamics in near-real-time cyber-situational awareness systems.

Indicator Expansion Techniques –Tracking Cyber Threats via DNS and Netflow Analysis

January 2012

In this presentation, Michael Jacobs describes how to use DNS and netflow analysis to track cyber threats.

Achieving Real Real-Time Context-Based Actionable Intelligence in Cyber Investigations

January 2012

In this presentation, given at FloCon 2012, Joel Ebrahimi describes investigations in cyberspace and provides an overview of related tools.

Lessons Learned from 10 Years of Network Analysis R&D for Defense and Intel Customers

January 2012

In this presentation, Thayne Coffman discusses the need for tools that enable flexible workflows and run mid-complexity analytics.

Measurement for Cooperative Network Defense: DEMONS and BlockMon

January 2012

This presentation describes tools that address monitoring approaches and software to build flexible monitoring and data analysis nodes.

Monitoring Trends in Network Flow for Situational Awareness

January 2012

In this presentation, Soumyo Moitra discusses the role that network monitoring plays in network security and network situational awareness.

Network Profiling with SiLK

January 2012

This presentation describes how to use SiLK to create an inventory of assets on a network and their characteristics and associated purposes.

Network Situational Displays from Network Flow Data

January 2012

In this presentation, Timothy Shimeall describes the difficulties and goals associated with network flow data displays.

Real Time Situational Awareness Using Argus

January 2012

In this presentation, Carter Bullard describe Argus, a network utilization audit system.

Teaching Flow Analysis with Live Flow Data

January 2012

In this presentation, the authors describe a partnership with the City of Pittsburgh and Carnegie Mellon to use live flow data to teach flow analysis.

The UberData Source: Holy Grail or Final Fantasy?

January 2012

In this presentation, Josh Goldfarb discusses the challenges of complex network instrumentation/data collection and how data overloads IRC and SOC organizations.

The Use of Search Engines for Massively Scalable Forensic Repositories

January 2012

In this presentation, John Ricketson describes a forensic platform for cyber investigations that is based on search engine technology.

US-CERT: Netflow Visualization

January 2012

In this presentation, the authors describe how US-CERT approaches network visualization.

Using Flow for Municipal Planning: Political, Economic, Social and Technical Contexts of the City of Pittsburgh

January 2012

In this 2012 presentation, John Badertscher discusses how flow's use relevant to municipal planning and workforce development can be exploited further.

Using Layer 7 Metadata to Augment Flow Analysis

January 2012

In this presentation, Tim Ray describes the current state and future of network analysis.

Visualizing Traffic on Network Topology

January 2012

In this presentation, the authors describe a method of visualizing traffic and topology and provide related examples and use cases.