FloCon 2018 Presentations
These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Abstract
These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.
Collection Contents
-
Big Data Platform
January 29, 2018 • Presentation
In this presentation, the author discusses the evolution of the Big Data Platform, examples of how it is being used today, and key lessons learned in its development.
read -
Creating & Sharing Value with Network Activity &Threat Correlation
January 29, 2018 • Presentation
By Dr. Jamison Day (Looking Glass)
In this presentation, the author examines the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.
read -
Anomaly Detection in Cyber Networks using Graph-node Role-dynamics and NetFlow Bayesian Normalcy Modeling
January 30, 2018 • Presentation
By Anthony Palladino (Boston Fusion Corporation), Andrew Spisak (Boston Fusion Corporation), Christopher Thissen (Boston Fusion Corporation)
In the presentation, the author describes a novel approach to cyber-anomaly detection. The method includes multi-modal data fusion, advanced graph-based analytics, and Bayesian normalcy modeling.
read -
When Threat Hunting Fails: Identifying Malvertising Domains Using Lexical Clustering
January 30, 2018 • Presentation
By Matt Foley (Cisco Systems, Inc.), David Rodriguez (Cisco Systems, Inc.), Dhia Mahjoub (OpenDNS)
In this presentation, the authors discuss the current malvertising threat landscape: ad networks, exchanges, exploits, and popular infection points.
read -
Optimal Machine Learning Algorithms
January 29, 2018 • Presentation
By Hafiz Farooq (Saudi Aramco)
This research paper allows SOC individuals to understand how to use machine learning algorithms optimally in order to complement existing conventional threat hunting capabilities.
read -
Analysis of DNS Traffic on the Network EDGE, and In Motion
January 30, 2018 • Presentation
By Fred Stringer (AT&T Chief Security Organization)
In this presentation, the author describes cyber analysis of DNS traffic at the Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes.
read -
Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference
January 30, 2018 • Presentation
By Emily Heath (Mitre), Eric Harley (Mitre)
In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.
read -
InSight2: An Interactive Web-Based Platform for Modeling and Analysis of Large-Scale Argus Network Flow Data
January 30, 2018 • Presentation
By Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), J.T. Liso (The University of Tennessee Knoxville)
In this presentation, the authors discuss InSight2, an interactive web-based platform for modeling and analysis of large scale argus network flow data.
read -
Identification of Malicious SSL Networks by Subgraph Anomaly Detection
January 31, 2018 • Presentation
By Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS)
In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
read -
Threat Hunting for Lateral Movement
January 31, 2018 • Presentation
By Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl)
In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
read -
Anomaly Detection in Bipartite Networks
January 31, 2018 • Presentation
By Mohammed Eslami (Netrias, LLC)
In this presentation, the author discusses automated methods to identify anomalies in cyber networks with data collected at the edge of a network (or other bipartite network).
read -
Eliminating Barriers to Automated Tensor Analysis for Large-scale Flows
January 31, 2018 • Presentation
By James Ezick (Reservoir Labs)
In this presentation, the author gives an introduction to tensor decompositions as a tool for network flow analysis, incluing insight into tensor methods as a rapidly evolving technology.
read -
Multi-Dimensional Network Anomaly Detection with Machine Learning
January 31, 2018 • Presentation
In this presentation, the authors introduce the state of the art in machine learning anomaly detection and give insight into techniques to limit the errors of statistical approaches.
read -
Automated Detection and Analysis of IoT Network Traffic Through Distributed Open Source Sensors and Citizen Scientists
January 31, 2018 • Presentation
By Joe McManus (University of Colorado)
In this presentation, the author discusses securing the Internet of Things (IoT) through network based detection leveraging low cost distributed sensing, machine learning and citizen scientists.
read -
CyGraph: Big-Data Graph Analysis For Cybersecurity and Mission Resilience
January 31, 2018 • Presentation
By Steven Noel (MITRE)
In this presentation, the author discusses CyGrap, a methodology and tool for improving network security posture, maintaining situational awareness in the face of cyberattacks, and focusing on protection of mission-critical assets.
read