Thursday, July 12

| Time | Event | Speakers / Authors |
|---|---|---|
| 9:00-9:15 | Opening remarks | |
| 9:15-10:30 | Keynote | |
| | Considerations and Pitfalls for Conducting Intrusion Detection Research | Vern Paxson (International Computer Science Institute & Lawrence Berkeley National Laboratory) |
| 10:30-11:00 | Coffee break | |
| 11:00-12:30 | Session 1 - Web Security | |
| | Session chair: Christian Kreibich | |
| | Extensible Web Browser Security | Mike Ter Louw, Jin Soon Lim and V.N. Venkatakrishnan |
| | On the Effectiveness of Techniques to Detect Phishing Sites | Christian Ludl, Sean McAllister, Engin Kirda and Christopher Kruegel |
| | Protecting the Intranet Against “JavaScript Malware” and Related Attacks | Martin Johns and Justus Winter |
| 12:30-14:00 | Lunch | |
| 14:00-15:15 | Session 2 - Intrusion Detection | |
| | Session chair: Michael Meier | |
| | On the Effects of Learning Set Corruption in Anomaly-based Detection of Web Defacements | Eric Medvet and Alberto Bartoli |
| | Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract) | Krzysztof Brzezinski |
| | Characterizing the Remote Control Behavior of Bots | Elizabeth Stinson and John Mitchell |
| 15:15-15:45 | Coffee break | |
| 15:45-17:00 | Session 3 - Traffic Analysis | |
| | Session chair: Ulrich Flegel | |
| | Measurement and Analysis of Autonomous Spreading Malware in a University Environment | Jan Goebel, Thorsten Holz and Carsten Willems |
| | Passive Monitoring of DNS Anomalies (Extended Abstract) | Bojan Zdrnja, Nevil Brownlee and Duane Wessels |
| | Characterizing Dark DNS Behavior | Jon Oberheide, Manish Karir and Zhuoqing Mao |
| 17:00-17:30 | Meeting of GI SIG SIDAR (open for all interested attendees) | |
| 17:30 | Transfer to Conference Dinner | |
| At dinner | Invited Talk | |
| | Aspects of ITSEC in the Swiss e-Government-Program | Peter Trachsel (Deputy Head of Federal Strategic Unit for IT, Switzerland) |

Friday, July 13

| Time | Event | Speakers / Authors |
|---|---|---|
| 9:00-10:15 | Invited Talk | |
| | SCADA Systems: Challenges to Security Assessment and Testing | Marcelo Masera (Institute for the Protection and Security of the Citizen at the Joint Research Centre of the European Commission) |
| 10:15-10:45 | Coffee break | |
| 10:45-11:45 | Session 4 - Network Security | |
| | Session chair: Hervé Debar | |
| | Distributed Evasive Scan Techniques and Countermeasures | Min Gyung Kang, Juan Caballero and Dawn Song |
| | On the Adaptive Real-Time Detection of Fast-Propagating Network Worms | Jaeyeon Jung, Rodolfo Milito and Vern Paxson |
| 11:45-12:30 | Rump Session | |
| | Session chair: Sven Dietrich | |
| 12:30-14:00 | Lunch | |
| 14:00-15:30 | Session 5 - Host Security | |
| | Session chair: Christopher Kruegel | |
| | Hacking in Physically Addressable Memory | David R. Piegdon and Lexi Pimenidis |
| | Static Analysis on x86 Executable for Preventing Automatic Mimicry Attacks | Danilo Bruschi, Lorenzo Cavallaro and Andrea Lanzi |
| | A Study of Malcode-Bearing Documents | Wei-Jen Li, Salvatore Stolfo, Angelos Stavrou, Elli Androulaki and Angelos Keromytis |
| 16:00-16:30 | Results of the CIPHER3 contest | Lexi Pimenidis |
| 16:30-16:45 | Concluding remarks | |

Invited Talks

Considerations and Pitfalls for Conducting Intrusion Detection Research (Slides are online)
Vern Paxson
International Computer Science Institute, Lawrence Berkeley National Laboratory

Much of the field of intrusion detection has developed in an ad hoc fashion due to its reactive nature coupled with the continually evolving problem domain. As a consequence, work in this area is particularly fraught with difficulties regarding how to pursue research recognized as sound and persuasive. This talk aims to frame a number of considerations and pitfalls in this regard, drawing upon the speaker's experience on more than 20 security-related program committees, and serving as program chair for the USENIX Security Symposium and two terms as program co-chair for the IEEE Symposium on Security and Privacy.
SCADA Systems: Challenges to Security Assessment and Testing
Marcelo Masera
Institute for the Protection and Security of the Citizen, Joint Research Centre of the European Commission

Industrial control systems (aka SCADA) have been neglected from the security viewpoint, but in the current world of pervasive connection their vulnerability and potential threats have to be explored. SCADA are key components of critical systems, such as power, gas and oil, chemical, pharmaceutical, and manufacturing installations. Their failure can cause severe damage, not just to their industrial setting, but to society at large. Access to the Internet is not only an unwanted trait, but it is required for maintenance and updating purposes. Therefore it cannot be ignored, and it has to be factored in with all the related security implications. Many lessons can be drawn from typical information systems, but SCADA present some particular features, e.g. they generally cannot be stopped or rebooted as part of an experiment. Specific strategies for their protection and assessment are needed. More specifically, there is an urgent requirement for developing dedicated test-beds, where to try, experiment and resolve security issues. As practitioners of the computer science and information technology field know little of industrial control, and those specialised in the latter have normally less experience in ICT security, there could be great advantages in establishing a link between these communities.