FloCon 2020 Presentations
Abstract
These presentations were given at FloCon 2020, an annual conference that focuses on data-driven network security. Speakers from industry, government, and academia presented talks on how to apply "big data" analysis techniques to solve difficult security problems.
Collection Contents
-
AI is Not Magic: Machine Learning for Network Security
August 17, 2020 • Presentation
By Eliezer Kanal, Lena Pons
This presentation introduces foundational data science concepts and prepares attendees to scope new Artificial Intelligence and Machine Learning projects.
-
SysFlow: Scalable System Telemetry for Improved Security Analytics
August 17, 2020 • Presentation
By Federico Araujo (IBM Research), Teryl Taylor (IBM Research)
This presentation introduces SysFlow as a new data representation for system behavior introspection for scalable security, compliance, and performance analytics.
-
Data Driven Security Challenges
August 18, 2020 • Presentation
By Timothy J. Shimeall
This presentation discusses data driven security challenges in network security.
-
Bayes at 10+ Gbps: Identifying Malicious and Vulnerable Processes from Passive Traffic Fingerprinting
August 18, 2020 • Presentation
By David McGrew (Cisco Systems, Inc.)
This presentation describes an inferencing system and its implementation, results in applying it to real-world traffic, and open issues in this technology area.
-
Less is More with Intelligent Packet Capture
August 18, 2020 • Presentation
By Randy Caldejon (CounterFlow AI)
Attendees learned to build and deploy a cost-effective network forensics solution with open source tools like Argus and Dragonfly Machine Learning Engine.
-
Alchemy: Stochastic Data Augmentation for Malicious Network Traffic Detection
August 18, 2020 • Presentation
By Bo Hu (NTT Group)
This presentation introduces a stochastic method called Alchemy that regenerates a set of feature vectors by randomly resampling the raw traffic data of each bag into several subsets.
-
Comcast Security Analytics Platform
August 19, 2020 • Presentation
By Gary Gabriel (Comcast), Mason Cheng (Comcast)
This presentation showed practical ways to process large-scale security-related data and analyze it using cloud based infrastructure.
-
The Long & Winding Road to Production-Worthy
August 19, 2020 • Presentation
By Emily Heath (Mitre)
In this presentation, attendees learned valuable skills for how to test their analytics from different perspectives. From an operational perspective, the presenter discussed how to evaluate analytics for coverage of the problem and false positives.
-
A Structural Approach to Modeling Encrypted Connections
August 19, 2020 • Presentation
By Anthony Kasza (Corelight)
This presentation discusses how the concept of SOL can be applied to model encrypted protocols, including the SSH, SSL, and RDP protocols.
-
Automating Reasoning with ATT&CK?
August 19, 2020 • Presentation
By Jonathan Spring
This presentation discusses limitations in MITRE's ATT&CK framework and proposes ways to restructure it to be more useful.
-
Mobile Users’ Susceptibility to Phishing Attacks
August 19, 2020 • Presentation
By Ley Sylvester (Blackbaud)
This presentation shows how user behavior impacts the phishing landscape and how their perception of threats affects their motivation to avoid phishing attack threats.
-
How to Use Machine Learning for a Phishing Incident Response
August 19, 2020 • Presentation
By Erez Harush (Palo Alto Networks)
In this presentation, attendees learned how to build their own phishing email classifier based on their email datasets, observed a model in action, and saw how the model numbers related to the real world in SOC deployments.
-
Methods for Testing and Qualifying Analytics
August 19, 2020 • Presentation
By Timothy J. Shimeall
This presentation describes a process for testing analytics and qualifying them to be used to inform ongoing network defense.
-
Look Ma, No Malware!
August 20, 2020 • Presentation
By Renee Burton (Infoblox)
This presentation uses a specific instance of this problem, DNS-based DDoS attacks, as a case study to highlight how the application of unsupervised learning, and some particular methodologies, can help address this threat intelligence problem.
-
Malware's Abuse of Privacy Enhancing Technologies
August 20, 2020 • Presentation
This presentation discusses the prevalence of malware using recently approved standards and the visibility losses associated with these standards. It also describes how malware is using censorship circumvention programs.
-
Code Similarity Detection Using Syntax-Agnostic Locality Sensitive Hashing
August 20, 2020 • Presentation
This presentation describes how to maintain the security of large codebases by using Syntax-Agnostic Locality Sensitive Hashing (LSH) to detect and search for code similarity.
-
Using Deep Neural Networks to Detect Compromised Hosts in Large Scale Networks
August 20, 2020 • Presentation
By Angel Kodituwakku (The University of Tennessee Knoxville), Eboni Thamavong (X8, Full Spectrum Engagement)
In this presentation, the authors discuss the generation of a new dataset based on recent, real network data from global research and education that is fused with actual threat lists and contextual information.
-
Required Elements for Constructing a Highly Adoptable and Adaptive Digital Forensic Model
August 19, 2020 • Presentation
By Ken Rodgers (K-Rod Technology)
The study consisted of elemental theme generation using a United States sample population of 20 experts in the field of digital forensics from private and public sectors.
-
Uncovering Priority Anomalies using Pattern Discovery as a Roadmap for Contextual Analysis
August 20, 2020 • Presentation
By Thomas S. Henretty, PhD (Reservoir Labs)
In this talk, attendees will be exposed to a unique approach to network anomaly detection and prioritization that combines tensor decompositions with deeper, query-based analysis.
-
Cybersecurity Data Science 2020: Practitioner Perspectives and Guidance
August 20, 2020 • Presentation
By Scott Mongeau (SAS)
This talk addresses fundamental questions concerning the status of cybersecurity data science (CSDS) as an emerging profession.
-
Countermeasures to Security Threats in Networked Medical Devices
August 20, 2020 • Presentation
By Melinda Lyles (Florida Southwestern State College)
This presentation discussed ways to make IT support and healthcare organizations aware of the growing need for countermeasures to risks associated with networked medical devices.