Conference Overview

FloCon^® is an open conference that provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques. Flow is an abstraction of network traffic in which packets are aggregated by common attributes over time.

In modern network analysis, decreasing storage costs and increasing computing capabilities allow many products to generate huge volumes of deep packet data. But in practice, analysts still struggle with translating this raw data into knowledge to inform situational awareness and to guide decision making. In large network environments, flow data helps to provide a scalable way of seeing big picture events, as well as a streamlined platform for highlighting patterns of malicious behavior over time.

This year's conference will focus on the progression of analytics from ideas, to prototypes, to tools. Each of these phases has its own set of successes, but it also raises its own set of challenges, and we encourage submissions and discussions across the spectrum. Which incident case studies spark the seed of a new idea? How can flow data help refine a static signature? What are the costs and benefits of implementing a technique at the large-scale network level versus host level? How well do new flow-based analytical tools integrate into an analysts workflow?

FloCon 2012 will be comprised of presentations and demonstration sessions. Similar to poster sessions, demonstration sessions provide opportunities for informal interaction with the community to gain project feedback. We are accepting proposals for presentations or demonstrations.

A limited number of registration fee discounts are available to students who present or demonstrate relevant flow-related research.

Email flocontact@cert.org for additional information.

Keynote Speaker

At FloCon 2012, Martin Roesch, chief technology officer of Sourcefire, will deliver the keynote address titled "Effective Network Security in a Dynamic World."

Martin Roesch founded Sourcefire in 2001 and serves as its Chief Technology Officer (CTO). A respected authority on intrusion prevention and detection technology and forensics, he is responsible for the technical direction and product development efforts for Sourcefire’s commercial and open source product offerings. Roesch, who has nearly 20 years of industry experience in network security and embedded systems engineering, is also the author and lead developer of the Snort Intrusion Prevention and Detection System (www.snort.org) that forms the foundation for the Sourcefire IPS.

For more than a decade, Roesch has dedicated himself to developing intelligent network security tools and technologies to address evolving threats, applying his knowledge of network security to network threat analytics and network forensics for numerous government and multinational customers. Roesch has been interviewed as an industry expert in multiple technology publications, as well as print and online news services, such as MSNBC, Wall Street Journal, CNET, ZDNet, and numerous books. Snort was named to InfoWorld’s Open Source Hall of Fame and has been featured in Scientific American, on A&E's Secret Places: Inside the FBI, and in several books, such as Network Intrusion Detection: An Analysts Handbook, Intrusion Signatures and Analysis, Maximum Security, Hacking Exposed, and others.

Roesch has received a host of awards for his technology innovation and vision. Most recently, he was recognized as a 2010 Security Superstar by Everything Channel’s CRN magazine for the value his innovations provide partners and customers, and was selected as one of eWeek’s Top 100 Most Influential People in IT. Roesch holds a BS in Electrical and Computer Engineering from Clarkson University.