FloCon 2018 Presentations
• Collection
Publisher
Software Engineering Institute
Abstract
These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Collection Items
Big Data Platform
• Presentation
By Software Engineering Institute
In this presentation, the author discusses the evolution of the Big Data Platform, examples of how it is being used today, and key lessons learned in its development.
Creating & Sharing Value with Network Activity & Threat Correlation
• Presentation
By Dr. Jamison Day (Looking Glass)
In this presentation, the author examines the key impediments to effective information sharing and explores how network activity and threat correlation can alter cyber economics to diminish threat actor return …
Anomaly Detection in Cyber Networks using Graph-node Role-dynamics and NetFlow Bayesian Normalcy Modeling
• Presentation
By Anthony Palladino (Boston Fusion Corporation), Andrew Spisak (Boston Fusion Corporation), Christopher Thissen (Boston Fusion Corporation)
In the presentation, the author describes a novel approach to cyber-anomaly detection. The method includes multi-modal data fusion, advanced graph-based analytics, and Bayesian normalcy modeling.
When Threat Hunting Fails: Identifying Malvertising Domains Using Lexical Clustering
• Presentation
By Matt Foley (Cisco Systems, Inc.), David Rodriguez (Cisco Systems, Inc.), Dhia Mahjoub (OpenDNS)
In this presentation, the authors discuss the current malvertising threat landscape: ad networks, exchanges, exploits, and popular infection points.
Optimal Machine Learning Algorithms
• Presentation
By Hafiz Farooq (Saudi Aramco)
This research paper allows SOC individuals to understand how to use machine learning algorithms optimally in order to complement existing conventional threat hunting capabilities.
Analysis of DNS Traffic on the Network EDGE, and In Motion
• Presentation
By Fred Stringer (AT&T Chief Security Organization)
In this presentation, the author describes cyber analysis of DNS traffic at the Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes.
Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference
• Presentation
By Emily Heath (Mitre), Eric Harley (Mitre)
In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.
InSight2: An Interactive Web-Based Platform for Modeling and Analysis of Large-Scale Argus Network Flow Data
• Presentation
By Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), J.T. Liso (The University of Tennessee Knoxville)
In this presentation, the authors discuss InSight2, an interactive web-based platform for modeling and analysis of large-scale Argus network flow data.
Identification of Malicious SSL Networks by Subgraph Anomaly Detection
• Presentation
By Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS)
In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
Threat Hunting for Lateral Movement
• Presentation
By Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl)
In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science …