21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '24)
July 17 to 19, 2024 at EPFL in Lausanne, Switzerland
Follow us on Mastodon Follow us on X/TwitterAccess to the proceedings in the Springer library.
Conference Program
Wednesday, July 17: Day 0
Social event: Lausanne city tour
On this walking tour, we'll explore the old town of Lausanne. This is a great opportunity to get to know the other conference attendees and to walk off any travel fatigue. Our meeting point is on the Riponne square, in front of the Palais Rumine, next to the Metro m2 stop "Riponne".Thursday, July 18: Day 1, in BC05/06
Chair's welcome to DIMVA'24
Keynote Twenty-year-old Vulnerabilities are Back: Firmware Security in the Era of "Smart" Devices, Andrea Continella (University of Twente)
Abstract: Embedded devices have become ubiquitous. While they automate and simplify many aspects of users' lives, industrial processes, and critical infrastructures, the firmware running on these devices often presents severe (despite well-known for decades) vulnerabilities. Unfortunately, firmware is heavily hardware-dependent and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. In this talk, I will discuss the challenges of applying traditional security analysis and testing methods in the firmware domain, and I will present an overview of the techniques and tools developed for the automated discovery and mitigation of security vulnerabilities in embedded devices. Finally, I will show the results of current research, draw conclusions on the state of security of embedded firmware and the limitations of existing approaches, and highlight directions for future research.
Bio: Andrea is an Associate Professor at the University of Twente where he leads the cybersecurity team of the Semantics, Cybersecurity & Services group. His research focuses on several aspects of systems security, such as malware and threat analysis, mobile security, or software security.
Coffee break
Session 1: Vulnerability Detection and Defense (chair: Sven Dietrich)
Exceptional Interprocedural Control Flow Graphs for x86-64 Binaries by Joshua Bockenek (Virginia Tech), Freek Verbeek (Open University of The Netherlands and Virginia Tech), and Binoy Ravindran (Virginia Tech)
S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More by Ruizhe Wang (University of Waterloo), Meng Xu (University of Waterloo), and N. Asokan (University of Waterloo)
Acoustic Side-Channel Attacks on a Computer Mouse by Gabriele Orazi (University of Padua), Marin Duroyon (Delft University of Technology), Mauro Conti (University of Padua), and Gene Tsudik (UCI)
Modularized Directed Greybox Fuzzing for Binaries over Multiple CPU Architectures by Sofiane Benahmed (Security Research Centre, Concordia University, Montreal, QC, Canada), Abdullah Qasem (Security Research Centre, Concordia University, Montreal, QC, Canada), Anis Lounis (Security Research Centre, Concordia University, Montreal, QC, Canada), and Mourad Debbabi (Security Research Centre, Concordia University, Quebec, Canada)
Using Semgrep OSS to Find OWASP Top 10 Weaknesses in PHP Applications: A Case Study (no onsite talk) by Lukas Kree (Fraunhofer FKIE), René Helmke (Fraunhofer FKIE), and Eugen Winter (Fraunhofer FKIE)
Lunch
Session 2: Malware and Threats (chair: Stijn Volckaert)
Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks (no onsite talk) by Mohammad Ali Tofighi (Florida International University), Behzad Ousat (Florida International University), Javad Zandi (Florida International University), Esteban Schafir (Florida International University), and Amin Kharraz (Florida International University)
Tarallo: Evading Behavioral Malware Detectors in the Problem Space by Gabriele Digregorio (Politecnico di Milano), Salvatore Maccarrone (Politecnico di Milano), Mario D'Onghia (Politecnico di Milano), Luigi Gallo (Cyber Security Lab, Telecom Italia), Michele Carminati (Politecnico di Milano), Mario Polino (Politecnico di Milano), and Stefano Zanero (Politecnico di Milano)
Evading Userland API Hooking, Again: Novel Attacks and a Principled Defense Method by Cristian Assaiante (Sapienza University of Rome), Simone Nicchi (Sapienza University of Rome), Daniele Cono D'Elia (Sapienza University of Rome), Leonardo Querzoni (Sapienza University of Rome)
Extended Abstract: Evading Packing Detection:Breaking Heuristic-Based Static Detectors by Alexandre D'Hondt (UCLouvain), Charles-Henry Bertrand Van Ouytsel (UCLouvain), and Axel Legay (UCLouvain)
Listening between the Bits: Privacy Leaks in Audio fingerprints by Moritz Pfister (TU Braunschweig), Robert Michael (TU Braunschweig), Max Boll (TU Braunschweig), Konrad Rieck (TU Berlin), and Daniel Arp (TU Berlin)
Coffee break
Session 3: Mobile and Web Application Security (Marcel Busch)
Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners by Sebastian Neef (TU Berlin) and Maath Oudeh (TU Berlin)
SandPuppy: Deep-state fuzzing guided by automatic detection of state-representative variables by Vivin Paliath (Arizona State University), Erik Trickel (Arizona State University), Tiffany Bao (Arizona State University), Ruoyu ""Fish"" Wang (Arizona State University), Adam Doupe (Arizona State University), and Yan Shoshitaishvili (Arizona State University)
Extended Abstract: Tracking Manifests - Persistent Identifiers in Progressive Web Apps by Dolière Francis Somé (Stanford University)
PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location by Michele Marazzi (ETH Zurich), Patrick Jattke (ETH Zurich), Jason Zibung (ETH Zurich), and Kaveh Razavi (ETH Zurich)
Knocking on Admin's Door: Protecting Critical Web Applications with Deception by Billy Tsouvalas (Stony Brook University) and Nick Nikiforakis (Stony Brook University)
Poster Session and Social BBQ (BC terrasse, 4th floor)
After the technical sessions we'll slowly ease into the poster session to discuss great ongoing research along a social BBQ.Friday, July 19: Day 2, in BC05/06
Keynote Wireless Physical-Layer Sensing: The Good, The Bad, and The Ugly, Veelasha Moonsamy (Ruhr University Bochum)
Abstract: Wireless radio channels are known to contain sensitive information about the surrounding propagation environment, which can be extracted using well-established wireless sensing methods. Thus, today's ubiquitous wireless devices (e.g., IoT) are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers can obtain estimations of wireless channels, which then give away sensitive information about indoor environments. For instance, adversaries can infer human motion from wireless channel observations, therefore, allowing them to remotely monitor premises of victims. In this talk, I will present our recent works, which leverage the technology of intelligent reflecting surfaces and demonstrate how it can be used by both attackers and defenders in the wireless realm.
Bio: Veelasha Moonsamy is a Professor in the Faculty of Computer Science at Ruhr University Bochum (Germany), where she leads the Chair for Security and Privacy of Ubiquitous Systems. She is also a member of the Horst Goertz Institute for IT Security and a Principal Investigator in the Excellence Cluster CASA. Her research interests include for IoT/mobile/embedded systems, data privacy and applications of machine learning for security and privacy.
Coffee break
Session 4: AI for Security (Manuel Egele)
Approach for the Optimization of Machine Learning Models for Calculating Binary Function Similarity by Suguru Horimoto (National Police Agency of Japan), Keane Lucas (Carnegie Mellon University), and Lujo Bauer (Carnegie Mellon University)
Inferring Recovery Steps from Cyber Threat Intelligence Reports by Zsolt Levente Kucsván (University of Twente), Marco Caselli (Siemens AG), Andreas Peter (Carl von Ossietzky Universität Oldenburg), and Andrea Continella (University of Twente)
Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs by Trevor Dunlap (North Carolina State University), John Speed Meyers (Chainguard), Brad Reaves (North Carolina State University), and William Enck (North Carolina State University)
Extended Abstract: Assessing Language Models for Semantic Textual Similarity in Cybersecurity by Arian Soltani (Université de Sherbrooke), DJeff Kanda Nkashama (Université de Sherbrooke), Jordan Felicien Masakuna (Université de Sherbrooke), Marc Frappier (Université de Sherbrooke), Pierre-Martin Tardif (Université de Sherbrooke), and Froduald Kabanza (Université de Sherbrooke)
Extended Abstract: A Transfer Learning-based Training Approach for DGA Classification by Arthur Drichel (RWTH Aachen University), Benedikt von Querfurth (RWTH Aachen University), and Ulrike Meyer (RWTH Aachen University)"
Lunch
Session 5: Hardware and Firmware Security (Stefan Brunthaler)
Seum Spread: Discerning Flaws in IoT Firmware Via Security-Relevant Call Sequence Semantics by Anis Lounis (Security Research Centre, Concordia University, Montreal, QC, Canada), Anthony Andreoli (Security Research Centre, Concordia University, Montreal, QC, Canada), Mourad Debbabi (Security Research Centre, Concordia University, Montreal, QC, Canada), and Aiman Hanna (Security Research Centre, Concordia University, Montreal, QC, Canada)
Gluezilla: Efficient and Scalable Software to Hardware Binding using Rowhammer by Ruben Mechelinck (imec-DistriNet, KU Leuven), Daniel Dorfmeister (Software Competence Center Hagenberg), Bernhard Fischer (Software Competence Center Hagenberg), Stijn Volckaert (imec-DistriNet, KU Leuven), and Stefan Brunthaler (μCSRL, CODE Research Institute, University of the Bundeswehr Munich)
SmmPack: Obfuscation for SMM Modules by Kazuki Matsuo (Waseda University), Satoshi Tanda (Satoshi's System Programming Lab), Yuhei Kawakoya (NTT Security Japan KK), Kuniyasu Suzaki (Institute of Information Security), and Tatsuya Mori (Waseda University/NICT/RIKEN AIP)
Presshammer: Rowhammer and Rowpress without Physical Address Information by Jonas Juffinger (Graz University of Technology), Sudheendra Raghav Neela (Graz University of Technology), Martin Heckel (Hof Univeristy, University of Applied Sciences), Lukas Schwarz (Graz University of Technology), Florian Adamsky (Hof University of Applied Sciences, Institute of Information Systems (iisys)), and Daniel Gruss (Graz University of Technology)
Coffee break
Session 6: Cyber Physical Systems and IoT (Daniel Gruss)
SecMonS: A Security Monitoring Framework for IEC 61850 Substations Based on Configuration Files and Logs by Onur Duman (Concordia University), Mengyuan Zhang (Vrije Universiteit), Lingyu Wang (Concordia University), and Mourad Debbabi (Concordia university)
FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids by Emad Efatinasab (University of Padua), Francesco Marchiori (University of Padua), Alessandro Brighente (University of Padua), Mirco Rampazzo (University of Padua), and Mauro Conti (University of Padua & Delft University of Technology)
Wireless Modulation Identification: filling the gap in IoT networks security audit by Florent Galtier (LAAS-CNRS), Guillaume Auriol (LAAS-CNRS), Vincent Nicomette (LAAS-CNRS), Paul L. R. Olivier (LAAS-CNRS), Romain Cayre (EURECOM), and Mohamed Kaâniche (CNRS, LAAS)
Extended Abstract: Assessing GNSS Vulnerabilities in Smart Grids by Sine Canbolat (Karlsruhe Institute of Technology (KIT)), Clemens Fruböse (Karlsruhe Institute of Technology (KIT)), Ghada Elbez (Karlsruhe Institute of Technology (KIT)), and Veit Hagenmeyer (Karlsruhe Institute of Technology (KIT))
Closing notes and good bye
Registration
The registration was open with an early bird price of 290.- CHF (until June 21) and regular price of 340.- CHF afterwards. The registration is now closed. Reach out to mathias.payer@epfl.ch if you have questions.Call for Posters
Important Dates (AoE)
- Submission: up to Jun 21, 2024 (extended to encourage authors to submit posters)
- Notification: from Jun 19, 2024 on until the deadline
Call for Papers
Important Dates (AoE)
- Cycle 1:
- Submission:
Dec 6, 2023Dec 19, 2023 (extended) - Notification (accept/reject/revision):
Jan 24, 2024Feb 2, 2024
- Submission:
- Cycle 2:
- Submission:
Feb 14, 2024Feb 21, 2024 (extended) - Notification (accept/reject):
Apr 4, 2024Apr 8, 2024
- Submission:
- Camera ready deadline:
Apr 17, 2024May 01, 2024 - Conference: July 17 to 19, 2024
General Information
The annual DIMVA conference serves as a premier forum for advancing the state of the art in the broader areas of intrusion detection, malware analysis, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security – Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI). The conference proceedings will appear in the Springer Lecture Notes in Computer Science (LNCS) series.
Topics of Interest
DIMVA solicits submissions of high-quality, original scientific papers presenting novel research on malware analysis, intrusion detection, vulnerability assessment, and related systems security topics.
Special topic: Generative AI. We encourage submissions about security issues of generative AI to solve intrusion, malware, or vulnerability detection related challenges; or security of generative AI applications. Submissions in this special topic will be reviewed with the same criteria as any other submission.
Topics of interest include, but are not limited to:
Intrusions
- Novel approaches and domains
- Insider detection
- Prevention and response
- Data leakage, exfiltration, and poisoning
- Result correlation and cooperation
- Evasion and other attacks
- Potentials and limitation
- Operational experiences
- Privacy, legal, and social aspects
- Targeted attacks
- Analysis or detection of cryptocurrency heists
Malware
- Automated analyses
- Behavioral models
- Prevention and containment
- Classification
- Lineage
- Forensics and recovery
- Underground economy
- Vulnerabilities in malware
- Financially targeted malware (e.g., ransomware, DeFi)
Vulnerability detection
- Vulnerability prevention
- Vulnerability analysis
- Exploitation and defenses
- Hardware vulnerabilities
- Situational awareness
- Active probing
- Vulnerabilities in decentralized systems
Papers will be judged on novelty, significance, correctness, and clarity. We expect all papers to provide enough details to enable reproducibility of the experimental results. We encourage papers that bridge research in different communities. We also welcome experience papers that clearly articulate lessons learnt.
Types of Submissions Solicited
We invite submissions of two types:
Full Paper: presenting novel and mature research results. Full papers are limited to 20 pages in Springer LNCS format, including bibliography and appendices.
Short Paper: presenting original, still ongoing work that has not yet reached the maturity required for a full paper. Short papers are limited to 10 pages in Springer LNCS format, including bibliography and appendices. Short papers will be included in the proceedings. The title of short papers must start with the words “Extended Abstract”.
Papers that do not follow the above formatting guidelines may be rejected without review.
Submission Guidelines
DIMVA 2024 will adopt a double-blind reviewing process. All submissions should be appropriately anonymized. Author names and affiliations must be excluded from the paper. Furthermore, authors should avoid obvious self-references, and should cite their own previous work in third person, whenever necessary. Papers that are not properly anonymized risk being rejected without review.
Submissions must be original work and may not be under submission to another venue at the time of review. At least one author of each accepted paper is required to physically present the submitted work at the conference, for the paper to be included in the proceedings.
Authors are encouraged to submit code appropriately anonymized, using, e.g., https://anonymous.4open.science/.
Papers can be submitted using https://dimva2024.hotcrp.com/.
Ethical considerations
Submissions that report experiments with data gathered from human subjects should disclose whether the research received approval from an institutional ethics review board (IRB), if applicable, and what measures were adopted to minimize risks to privacy.
Submissions that describe experiments related to vulnerabilities in software or systems should discuss the steps taken to avoid negatively affecting any third-parties (e.g., in case of probing of network devices), and how the authors plan to responsibly disclose the vulnerabilities to the appropriate software or system vendors or owners before publication.
If you have any questions, please contact the program chairs at pc-chairs@dimva.org.
Committee
Program co-chairs (email: pc-chairs@dimva.org)
- Federico Maggi (AWS)
- Manuel Egele (Boston University)
Program committee
- Andrea Lanzi, University of Milan
- Sven Dietrich, City University of New York
- Seungwon Shin, KAIST
- Mario Polino, Politecnico di Milano
- Daniele Cono D'Elia, Sapienza University of Rome
- Stefano Zanero, Politecnico di Milano
- Sébastien Bardin, CEA List
- Tapti Palit Purdue, University
- Deborah Shands SRI, International
- Roland Yap, National University of Singapore
- Michael Schwarz, CISPA Helmholtz Center for Information Security
- Konrad Rieck, TU Berlin
- Gianluca Stringhini, Boston University
- Andrea Continella, University of Twente
- Yinzhi Cao Johns, Hopkins University
- Marco Cova, VMware
- Alexios Voulimeneas, TU Delft
- Shirin Nilizadeh, The University of Texas at Arlington
- Michalis Polychronakis, Stony Brook University
- Bo Feng, Zhejiang University
- Anita Nikolich, UIUC
- Vasileios Kemerlis, Brown University
- Hervé Debar, Télécom SudParis
- Daniele Antonioli, EURECOM
- Andrea Mambretti, IBM Research Europe - Zurich
- Fabio Pierazzi, King's College London
- Michele Carminati, Politecnico di Milano
- Nick Nikiforakis, Stony Brook University
- Aravind Machiry, Purdue University
- Flavio Toffalini, EPFL
- Marcel Busch, EPFL
- Nils Ole Tippenhauer CISPA
- Johannes Kinder, Ludwig-Maximilians-Universität München (LMU Munich)
- Sevtap Duman Ege, University
- Veelasha Moonsamy, Ruhr University Bochum
- Feng Xiao Georgia, Institute of Technology
- R Sekar, Stony Brook University
- Christof Ferreira Torres, ETH Zürich
- Stefano Longari, Politecnico di Milano
- Dario Stabili, Alma Mater Studiorum - University of Bologna
- Michael Meier, University of Bonn / Fraunhofer FKIE
- Kevin Borgolte Ruhr University Bochum
- Jeremiah Onaolapo, University of Vermont
- Moritz Lipp, Amazon Web Services
- Christophe Hauser, Dartmouth College
- Lilika Markatou, TU Delft
- Bo Feng, Zhejiang University
Publication chair
- Michele Carminati
Poster chair
General chair
- Mathias Payer (EPFL)
Steering committee
- Ulrich Flegel (co-chair)
- Michael Meier (co-chair)
- Magnus Almgren
- Sébastien Bardin
- Leyla Bilge
- Gregory Blanc
- Herbert Bos
- Danilo M. Bruschi
- Roland Bueschkes
- Juan Caballero
- Lorenzo Cavallaro
- Hervé Debar
- Sven Dietrich
- Mathias Fischer
- Giorgio Giacinto
- Cristiano Giuffrida
- Daniel Gruss
- Bernhard Haemmerli
- Thorsten Holz
- Marko Jahnke
- Klaus Julisch
- Christian Kreibich
- Christopher Kruegel
- Pavel Laskov
- Federico Maggi
- Clémentine Maurice
- Nuno Neves
- Roberto Perdisci
- Michalis Polychronakis
- Konrad Rieck
- Jean-Pierre Seifert
- Robin Sommer
- Urko Zurutuza
Venue: EPFL
DIMVA will be held in BC05/06 on the EPFL campus. You can reach EPFL via the M1 metro line from "Lausanne Flon" or by bus. The best public transport stops are "Ecublens VD, EPFL" on the M1 metro, "St-Sulpice VD, Parc Scient." on bus 701 or, closest to the venue, "Ecublens VD, EPFL/Colladon" on bus 1. Check the SBB website for schedules or download their mobile app. If needed, you can buy train/public transport tickets on the SBB app.
Hotels in Lausanne provide a free transit card at the reception desk for travel in and around the city. With your printed reservation, you may travel from Lausanne train station to your hotel on public transport for check-in. We highly recommend taking public transport.
We have contacted three hotels with reserved room blocks that will give you the EPFL internal rate when booking with the code "DIMVA2024". Please contact the hotel directly to make your reservation.
Starling Hotel Lausanne ***
Email: s.mesnil@shlausanne.ch
Phone: +41(0)21/694.85.92
Price: 170.-/night (single), 205.- (double)
Taxes: 3.50, breakfast included
SwissTech Hotel **
Email: reception@sthotel.ch
Phone: +41(0)21/694.06.10
Price: 130.-/night (single)
Taxes: 5.50, breakfast 16.-
Use code "DIMVA2024"
IBIS Lausanne Centre **
Email: H6772-AM@accor.com
Phone: +41(0)21/340.07.01
Price: 170.-/night (single)
Taxes: 5.50, breakfast included.
Use code "DIMVA2024"