November 21, 2011—FloCon®, an open conference sponsored by the SEI’s CERT Program, provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques. (Flow is an abstraction of network traffic in which packets are aggregated by common attributes over time.) FloCon 2012 will take place January 9–12, 2012, in Austin, Texas.
In modern network analysis, decreasing storage costs and increasing computing capabilities allow many products to generate huge volumes of deep packet data. But in practice, analysts still struggle with translating this raw data into knowledge to inform situational awareness and to guide decision making. In large network environments, flow data helps to provide a scalable way of seeing big-picture events as well as a streamlined platform for highlighting patterns of malicious behavior over time.
This year’s conference will focus on the progression of analytics from ideas, to prototypes, to tools. Each of these phases has its own set of successes, but it also raises its own set of challenges, and we encourage submissions and discussions across the spectrum. Which incident case-studies spark the seed of a new idea? How can flow data help refine a static signature? What are the costs and benefits of implementing a technique at the large-scale network level versus host level? How well do new flow-based analytical tools integrate into an analyst’s workflow?
FloCon 2012 will consist of presentations and demonstration sessions. Similar to poster sessions, demonstration sessions provide opportunities for informal interaction with the community to gain project feedback. We are accepting proposals for presentations or demonstrations.
To register, or to learn more about FloCon, please visit http://www.cert.org/flocon/.
For more information
Please tell us what you
think with this short
(< 5 minute) survey.