Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Wednesday, June 6 • 12:15 - 13:00
BotProbe - botnet traffic capture using IPFIX


IPFIX is the ratified standard for flow export. IPFIX was designed with security processes such as threat detection in mind, overcoming the known drawbacks of NetFlow, which was built for network management. One major enhancement in IPFIX is template extensibility, allowing traffic capture at layers 3 through 7 of the OSI model. This talk introduces IPFIX and describes the creation of BotProbe, an IPFIX template specifically designed to capture botnet traffic communications, derived from the analysis of almost 20 million botnet flows. BotProbe realises a 97% reduction in traffic volumes over traditional packet capture. Reducing such large traffic volumes not only opens up an opportunity to apply traffic capture in new areas such as pre-event forensics and lawful traffic interception, but also considerably improves traffic analysis times. Learn how IPFIX can be applied to botnet capture and other security threat detection scenarios.


Mark Graham

Anglia Ruskin University
Mark lectures in Information Security at Anglia Ruskin University, Cambridge. Mark's PhD was a novel application of IPFIX (the next generation flow protocol and RFC standard) towards capturing botnet traffic communications. This proof of concept is now undergoing commercialisation...

Wednesday June 6, 2018 12:15 - 13:00 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD