Conference on
Detection of Intrusions and Malware & Vulnerability Assessment
July 7-8, 2005
Vienna, Austria
Conference Program
Thursday 2005-07-07
08.30 - 09.45 Registration
09.45 - 10.00 Welcome
Christopher Kruegel (Technical University Vienna, Austria) and Klaus Julisch (IBM Zurich, Switzerland)
10.00 - 11.00 Keynote
Philip Attfield (Northwest Security Institute)
11.00 - 11.30 Coffee Break
11.30 - 12.30 Session 1: Obfuscated Code Detection
Analyzing Memory Accesses in Obfuscated x86 Executables
Michael Venable, Mohamed Chouchane, Md Enamul Karim, and Arun Lakhotia (University of Louisiana at Lafayette, USA)
Hybrid Engine for Polymorphic Shellcode Detection
Udo Payer, Peter Teufl, and Mario Lamberger (Institute of Applied Information Processing and Communications, Austria)
12.30 - 14.00 Lunch Break
14.00 - 15.00 Session 2: Honeypots
Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities
Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong (UC Davis, USA)
A Pointillist Approach for Comparing Honeypots
Fabien Pouget (Institut Eurecom, France) and Thorsten Holz (RWTH Aachen University, Germany)
15.00 - 15.30 Coffee Break
15.30 - 17.00 Session 3: Vulnerability Assessment and Exploit Analysis
Automatic Detection of Attacks on Cryptographic Protocols: A Case Study
Ivan Cibrario B., Luca Durante, Riccardo Sisto, and Adriano Valenzano (Politecnico di Torino, Italy)
METAL - A Tool for Extracting Attack Manifestations
Ulf Larson, Emilie Lundin-Barse, and Erland Jonsson (Chalmers University of Technology, Sweden)
Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone
Thomas Dübendorfer, Arno Wagner, Theus Hossmann, and Bernhard Plattner (ETH Zurich, Switzerland)
17.00 - 18.30 Meeting of GI SIG SIDAR
19.00 - 24.00 Dinner Reception (Vienna City Hall)
Additional dinner tickets can be purchased at the conference.
Friday 2005-07-08
09.30 - 11.00 Session 4: Anomaly Detection
A Learning-Based Approach to the Detection of SQL Attacks
Fredrik Valeur, Darren Mutz, and Giovanni Vigna (UC Santa Barbara, USA)
Masquerade Detection via Customized Grammars
Mario Latendresse (Volt Services/Northrop Grumman, FNMOC U.S. Navy, USA)
A Prevention Model for Algorithmic Complexity Attacks
Suraiya Khan and Issa Traore (University of Victoria, Canada)
11.00 - 11.30 Coffee Break
11.30 - 12.30 Session 5: Misuse Detection
Detecting Malicious Code by Model Checking
Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith (Technical University Munich, Germany)
Improving the Efficiency of Misuse Detection
Michael Meier, Sebastian Schmerl, and Hartmut Koenig (Technical University of Cottbus, Germany)
12.30 - 14.00 Lunch Break
14.00 - 15.00 Session 6: Distributed Intrusion Detection and Testing
Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context
Holger Dreger (Technical University Munich, Germany), Christian Kreibich (University of Cambridge, UK), Vern Paxson (ICSI and LBNL, USA), and Robin Sommer (Technical University Munich, Germany)
TCPtransform: Property-Oriented TCP Traffic Transformation
Seung-Sun Hong, Fiona Wong, S. Felix Wu (UC Davis, USA), Bjorn Lilja, Tony Y. Jansson, Henric Johnson, and Arne Nelsson (Blekinge Institute of Technology, Sweden)
15.00 - 15.30 Coffee Break
15.30 - 17.00 Session 7: Industry Session
Implementation of Honeytoken Module in DBMS Oracle 9iR2 Enterprise Edition for Internal Malicious Activity Detection
Antanas Cenys, Darius Rainys, Lukas Radvilavicius (Information Systems Laboratory, Lithuania), and Nikolaj Goranin (Vilnius Gediminas Technical University, Lithuania)
Function Call Tracing Attacks To Kerberos 5
Julian Rrushi and Emilia Rosti (Universita degli Studi di Milano, Italy)
Combining IDS and Honeynet Methods for Improved Detection and Automatic Isolation of Compromised Systems
Stephan Riebach, Birger Toedtmann, and Erwin Rathgeb (University Duisburg-Essen, Germany)
17.00 - 17.15 Closing Remarks