FloCon 2022

Posters will be presented via dedicated Discord channels. Attendees will have the opportunity to network with each other, discuss poster content with presenters, and continue conversations with speakers.

Enriching Honeypot Data Using Cyber Threat Intelligence
Speaker: Caitlin Allen
Cybersecurity is a rapidly growing field that becomes more complex as time goes on. There are numerous aspects of security that branch out into their own equally complex fields. Many companies and organizations struggle to properly prepare for attacks against them, and fail to utilize threat intelligence or offensive security measures to mitigate these attacks.
This project aims to take data gathered by honeypots to enrich reports that can be provided to cybersecurity experts to improve their security posture. While honeypots and threat intelligence are properly established in the field and have copious research behind their workings and capabilities, the knowledge around applying them to a readable format is limited. This research aims to bridge that gap between threat intelligence and security hardening. The project will be accomplished by creating a virtual network that emulates an enterprise network. Offensive security mechanisms will be installed on these machines in the appropriate sections to produce the results needed for enriching reports.

Cloud Maturity Benchmarking Survey
Speaker: Anokhy Desai
The COVID-19 pandemic has forced businesses to consider a shift from in-person work and managed operations to remote work and cloud-based operations. These changes put companies’ cloud capabilities to the test, as every business that uses the cloud wants to ensure a secure cloud-based working environment. On top of individual business requirements, industry requirements for cloud services vary by industry and even by business function. Therefore, it has become increasingly important for organizations to benchmark their cloud capabilities with other organizations in their industry in order to make adjustments, identify gaps, and note improvements to make between their current state and target future state. To capture this shift to the cloud and help organizations identify their cloud-related improvement areas, we were tasked with creating a benchmarking survey to help our client better understand the extent to which their clients were aware of, trained for, and have implemented strategies for cloud usage. In order to create that benchmarking survey, we had to develop a fitting cloud maturity model to provide survey respondents with their position within that model. After researching available cloud maturity models and their primary functions and audiences, we ultimately created a hybrid maturity model based primarily on Microsoft Azure’s and Open Alliance’s cloud maturity models. Our maturity model provides four stages that a survey respondent's organization would be matched to, from least to most proactive: preliminary, defined, quantitatively managed, and optimized. To determine the maturity level of the respondent’s organization, the survey is created to evaluate the organization’s transition to cloud in relation to its people, process and innovation. Upon taking the survey, respondents will be able to see where they stand at an appropriate maturity level overall and among their industry. Ideally, respondents would be matched to the highest maturity stage relative to their industry. If not, our client company would be able to view their clients’ outcomes and provide transformation services based on these results.

Application Labeling Using Time-Based Network Flow Features as an Alternative to Packet Payload-Based Methods 
Speaker: Anusha Sinha
Application labels have been used by network administrators and analysts to optimize and defend networks for decades. We created a pipeline to generate labeled data and train supervised classifiers to assign application labels to flow data. We used this pipeline to train a model using time-based flow features and compare it to the performance of a model trained directly on packet payload strings. We used these comparisons to draw conclusions on the importance of payload data for the characterization of 18 different application protocols. We also provided public access to the large labeled data-set used in our work.

A Taxonomy of Cyber Attacks in Smart Manufacturing Systems Through the Perspective of the NIST Cybersecurity Framework Manufacturing Profile
Speaker: Bethanie Williams
A revolution in manufacturing systems is underway with smart manufacturing becoming an integral component of the broader push towards Industry 4.0. As the modern manufacturing industry continues to bridge digital and physical environments through the use of Internet of Things (IoT), cloud systems, data analytics, and machine learning, this integration has led to an increase in cyber-physical attacks with ongoing discovery of new security challenges. We present a comprehensive study of the common security challenges and attacks faced by smart manufacturing systems today and use the NIST Cybersecurity Framework Manufacturing Profile as a guideline to address cyber incidents that have occurred within the manufacturing sector. The attack taxonomy we present identifies, defines, and classifies cyber-attacks in the smart manufacturing sector and will aid both researchers and manufacturers to determine which business function(s) is/are at risk as a result of such attacks and take protective measures accordingly.