FloCon 2018 Presentations

• These presentations were given at FloCon 2018, an annual event where attendees discuss the analysis of large volumes of traffic and showcase the next generation of flow-based analysis techniques.

   

• Big Data Platform January 2018 Author(s): In this presentation, the author discusses the evolution of the Big Data Platform, examples of how it is being used today, and key lessons learned in its development.
• Creating & Sharing Value with Network Activity &Threat Correlation January 2018 Author(s): Dr. Jamison Day (Looking Glass) In this presentation, the author examines the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.
• Anomaly Detection in Cyber Networks using Graph-node Role-dynamics and NetFlow Bayesian Normalcy Modeling January 2018 Author(s): Anthony Palladino (Boston Fusion Corporation), Andrew Spisak (Boston Fusion Corporation), Christopher Thissen (Boston Fusion Corporation) In the presentation, the author describes a novel approach to cyber-anomaly detection. The method includes multi-modal data fusion, advanced graph-based analytics, and Bayesian normalcy modeling.
• When Threat Hunting Fails: Identifying Malvertising Domains Using Lexical Clustering January 2018 Author(s): Matt Foley (Cisco Systems, Inc.), David Rodriguez (Cisco Systems, Inc.), Dhia Mahjoub (OpenDNS) In this presentation, the authors discuss the current malvertising threat landscape: ad networks, exchanges, exploits, and popular infection points.
• Optimal Machine Learning Algorithms January 2018 Author(s): Hafiz Farooq (Saudi Aramco) This research paper allows SOC individuals to understand how to use machine learning algorithms optimally in order to complement existing conventional threat hunting capabilities.
• Analysis of DNS Traffic on the Network EDGE, and In Motion January 2018 Author(s): Fred Stringer (AT&T Chief Security Organization) In this presentation, the author describes cyber analysis of DNS traffic at the Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes.
• Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference January 2018 Author(s): Emily Heath (Mitre), Eric Harley (Mitre) In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.
• InSight2: An Interactive Web-Based Platform for Modeling and Analysis of Large-Scale Argus Network Flow Data January 2018 Author(s): Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), J.T. Liso (The University of Tennessee Knoxville) In this presentation, the authors discuss InSight2, an interactive web-based platform for modeling and analysis of large scale argus network flow data.
• Identification of Malicious SSL Networks by Subgraph Anomaly Detection January 2018 Author(s): Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS) In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
• Threat Hunting for Lateral Movement January 2018 Author(s): Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl) In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
• Anomaly Detection in Bipartite Networks January 2018 Author(s): Mohammed Eslami (Netrias, LLC) In this presentation, the author discusses automated methods to identify anomalies in cyber networks with data collected at the edge of a network (or other bipartite network).
• Eliminating Barriers to Automated Tensor Analysis for Large-scale Flows January 2018 Author(s): James Ezick (Reservoir Labs) In this presentation, the author gives an introduction to tensor decompositions as a tool for network flow analysis, incluing insight into tensor methods as a rapidly evolving technology.
• Multi-Dimensional Network Anomaly Detection with Machine Learning January 2018 Author(s): In this presentation, the authors introduce the state of the art in machine learning anomaly detection and give insight into techniques to limit the errors of statistical approaches.
• Automated Detection and Analysis of IoT Network Traffic Through Distributed Open Source Sensors and Citizen Scientists January 2018 Author(s): Joe McManus (University of Colorado) In this presentation, the author discusses securing the Internet of Things (IoT) through network based detection leveraging low cost distributed sensing, machine learning and citizen scientists.
• CyGraph: Big-Data Graph Analysis For Cybersecurity and Mission Resilience January 2018 Author(s): Steven Noel (MITRE) In this presentation, the author discusses CyGrap, a methodology and tool for improving network security posture, maintaining situational awareness in the face of cyberattacks, and focusing on protection of mission-critical assets.