FloCon 2018 Presentations
• Collection
Publisher
Software Engineering Institute
Subjects
Abstract
These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Collection Items
Big Data Platform
• Presentation
By Software Engineering Institute
In this presentation, the author discusses the evolution of the Big Data Platform, examples of how it is being used today, and key lessons learned in its development.
Learn More
Creating & Sharing Value with Network Activity &Threat Correlation
• Presentation
By Dr. Jamison Day (Looking Glass)
In this presentation, the author examines the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return …
Learn More
Anomaly Detection in Cyber Networks using Graph-node Role-dynamics and NetFlow Bayesian Normalcy Modeling
• Presentation
By Anthony Palladino (Boston Fusion Corporation), Andrew Spisak (Boston Fusion Corporation), Christopher Thissen (Boston Fusion Corporation)
In the presentation, the author describes a novel approach to cyber-anomaly detection. The method includes multi-modal data fusion, advanced graph-based analytics, and Bayesian normalcy modeling.
Learn More
When Threat Hunting Fails: Identifying Malvertising Domains Using Lexical Clustering
• Presentation
By Matt Foley (Cisco Systems, Inc.), David Rodriguez (Cisco Systems, Inc.), Dhia Mahjoub (OpenDNS)
In this presentation, the authors discuss the current malvertising threat landscape: ad networks, exchanges, exploits, and popular infection points.
Learn More
Optimal Machine Learning Algorithms
• Presentation
By Hafiz Farooq (Saudi Aramco)
This research paper allows SOC individuals to understand how to use machine learning algorithms optimally in order to complement existing conventional threat hunting capabilities.
Learn More
Analysis of DNS Traffic on the Network EDGE, and In Motion
• Presentation
By Fred Stringer (AT&T Chief Security Organization)
In this presentation, the author describes cyber analysis of DNS traffic at the Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes.
Learn More
Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference
• Presentation
By Emily Heath (Mitre), Eric Harley (Mitre)
In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.
Learn More
InSight2: An Interactive Web-Based Platform for Modeling and Analysis of Large-Scale Argus Network Flow Data
• Presentation
By Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), J.T. Liso (The University of Tennessee Knoxville)
In this presentation, the authors discuss InSight2, an interactive web-based platform for modeling and analysis of large scale argus network flow data.
Learn More
Identification of Malicious SSL Networks by Subgraph Anomaly Detection
• Presentation
By Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS)
In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
Learn More
Threat Hunting for Lateral Movement
• Presentation
By Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl)
In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science …
Learn More
Anomaly Detection in Bipartite Networks
• Presentation
By Mohammed Eslami (Netrias, LLC)
In this presentation, the author discusses automated methods to identify anomalies in cyber networks with data collected at the edge of a network (or other bipartite network).
Learn More
Eliminating Barriers to Automated Tensor Analysis for Large-scale Flows
• Presentation
By James Ezick (Reservoir Labs)
In this presentation, the author gives an introduction to tensor decompositions as a tool for network flow analysis, including insight into tensor methods as a rapidly evolving technology.
Learn More
Multi-Dimensional Network Anomaly Detection with Machine Learning
• Presentation
By CounterFlow AI, Inc.
In this presentation, the authors introduce the state of the art in machine learning anomaly detection and give insight into techniques to limit the errors of statistical approaches.
Learn More
Automated Detection and Analysis of IoT Network Traffic Through Distributed Open Source Sensors and Citizen Scientists
• Presentation
By Joe McManus (University of Colorado)
In this presentation, the author discusses securing the Internet of Things (IoT) through network based detection leveraging low cost distributed sensing, machine learning and citizen scientists.
Learn More
CyGraph: Big-Data Graph Analysis For Cybersecurity and Mission Resilience
• Presentation
By Steven Noel (MITRE)
In this presentation, the author discusses CyGrap, a methodology and tool for improving network security posture, maintaining situational awareness in the face of cyberattacks, and focusing on protection of mission-critical …
Learn More