====================================================================== C A L L F O R P A R T I C I P A T I O N ====================================================================== ########## Early Bird Rates available until June 1, 2005 ######### ======================================================================
Detection of Intrusions and Malware & Vulnerability Assessment DIMVA 2005
July 7-8 2005 Technical University Vienna, Austria
Conference of SIG SIDAR of the German Informatics Society (GI) in cooperation with IEEE Task Force on Information Assurance and IEEE Computer Society Technical Committee on Security and Privacy
http://www.dimva.org/dimva2005/ mailto:dimva2005{at}gi-fg-sidar.de
======================================================================
The special interest group SIDAR (Security - Intrusion Detection and Response) of the German Informatics Society (GI) engages in the detection and management of information security incidents. In cooperation with the IEEE Task Force on Information Assurance and the IEEE Computer Society Technical Committee on Security and Privacy, the special interest group SIDAR organizes a conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005), taking place 7/8-07-2005 in Vienna, Austria.
The conference brings together leading researchers and practitioners from academia, government, and industry to discuss the topics intrusion detection, malicious agents (malware) and vulnerability assessment. The presentations aim particularly at results from research, development and integration, relevant applications, new technologies and resulting product developments on a conceptual level.
This year's program features a single technical track with 14 papers and 3 practical industry reports (from a total of 51 submissions). It also features Philip Attfield from the Northwest Security Institute as the invited speaker.
Registration and Travel =======================
The DIMVA 2005 conference will be held in room "Hoersaal 6" of the "Freihaus" building of the Technical University Vienna (Wiedner Hauptstrasse 8-10, A-1040 Vienna, Austria). The registration is now open. Please check the DIMVA web site for information on the rates, registration, travel and accommodation:
http://www.dimva.org/dimva2005/
Conference Program ==================
Thursday, July 7th ------------------
08.30 - 09.45 Registration
09.45 - 10.00 Welcome
10.00 - 11.00 Keynote
Philip Attfield (Northwest Security Institute)
11.00 - 11.30 Coffee Break
11.30 - 12.30 Session 1: Obfuscated Code Detection
Analyzing Memory Accesses in Obfuscated x86 Executables / Michael Venable, Mohamed Chouchane, Md Enamul Karim, and Arun Lakhotia (University of Louisiana at Lafayette, USA)
Hybrid Engine for Polymorphic Shellcode Detection / Udo Payer, Peter Teufl, and Mario Lamberger (Institute of Applied Information Processing and Communications, Austria)
12.30 - 14.00 Lunch Break
14.00 - 15.00 Session 2: Honeypots
Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities / Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong (UC Davis, USA)
A Pointillist Approach for Comparing Honeypots / Fabien Pouget (Institut Eurecom, France) and Thorsten Holz (RWTH Aachen University, Germany)
15.00 - 15.30 Coffee Break
15.30 - 17.00 Session 3: Vulnerability Assessment and Exploit Analysis
Automatic Detection of Attacks on Cryptographic Protocols: A Case Study / Ivan Cibrario B., Luca Durante, Riccardo Sisto, and Adriano Valenzano (Politecnico di Torino, Italy)
METAL - A Tool for Extracting Attack Manifestations / Ulf Larson, Emilie Lundin-Barse, and Erland Jonsson (Chalmers University of Technology, Sweden)
Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone / Thomas Dübendorfer, Theus Hossmann, Arno Wagner, and Bernhard Plattner (ETH Zurich, Switzerland)
17.00 - 18.30 Meeting of GI - Special Interest Group SIDAR
19.00 - 24.00 Reception at Festsaal of Vienna Town Hall (Rathaus)
Friday, July 8th ----------------
09.30 - 11.00 Session 4: Anomaly Detection
A Learning-Based Approach to the Detection of SQL Attacks / Fredrik Valeur, Darren Mutz, and Giovanni Vigna (UC Santa Barbara, USA)
Masquerade Detection via Customized Grammars / Mario Latendresse (Volt Services/Northrop Grumman, FNMOC U.S. Navy, USA)
A Prevention Model for Algorithmic Complexity Attacks / Suraiya Khan and Issa Traore (University of Victoria, Canada)
11.00 - 11.30 Coffee Break
11.30 - 12.30 Session 5: Misuse Detection
Detecting Malicious Code by Model Checking / Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith (Technical University Munich, Germany)
Improving the Efficiency of Misuse Detection / Michael Meier, Sebastian Schmerl, and Hartmut Koenig (Technical University of Cottbus, Germany)
12.30 - 14.00 Lunch Break
14.00 - 15.00 Session 6: Distributed Intrusion Detection and Testing
Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context / Holger Dreger (Technical University Munich, Germany), Christian Kreibich (University of Cambridge, UK), Vern Paxson (ICSI and LBNL, USA), and Robin Sommer (Technical University Munich, Germany)
TCPtransform: Property-Oriented TCP Traffic Transformation / Seung-Sun Hong, Fiona Wong, S. Felix Wu (UC Davis, USA), Bjorn Lilja, Tony Y. Jansson, Henric Johnson, and Arne Nelsson (Blekinge Institute of Technology, Sweden)
15.00 - 15.30 Lunch Break
15.30 - 17.00 Session 7: Industry Session
Implementation of Honeytoken Module in DBMS Oracle 9iR2 Enterprise Edition for Internal Malicious Activity Detection / Antanas Cenys, Darius Rainys, Lukas Radvilavicius (Informtion Systems Laboratory, Lithuania), and Nikolaj Goranin (Vilnius Gediminas Technical University, Lithuania)
Function Call Tracing Attacks To Kerberos 5 / Julian Rrushi and Emilia Rosti (Universita degli Studi di Milano, Italy)
Combining IDS and Honeynet Methods for Improved Detection and Automatic Isolation of Compromised Systems / Stephan Riebach, Birger Toedtmann, and Erwin Rathgeb (University Duisburg-Essen, Germany)
17.00 - 17.15 Closing Remarks
Program Committee =================
Dominique Alessandri (IBM, Switzerland) Thomas Biege (SUSE LINUX AG, Germany) Roland Bueschkes (T-Mobile, Germany) Marc Dacier (Institut Eurecom, France) Herve Debar (France Telecom R&D, France) Luca Deri (ntop.org, Italy) Sven Dietrich (CMU, USA) Toralv Dirro (McAfee, Germany) Ulrich Flegel (University of Dortmund, Germany) Steven Furnell (University of Plymouth, UK) Detlef Guenther (CERT-VW, Germany) Dirk Haeger (BSI, Germany) Bernhard Haemmerli (HTA Luzern, Switzerland) Oliver Heinz (arago AG, Germany) Peter Herrmann (University of Dortmund, Germany) Marc Heuse (n.runs, Germany) Erland Jonsson (Chalmers University of Technology, Sweden) Engin Kirda (Vienna University of Technology, Austria) Hartmut Koenig (Technical University of Cottbus, Germany) Klaus-Peter Kossakowski (Presecure, Germany) Hannes Lubich (Computer Associates, Switzerland) Michael Meier (Technical University of Cottbus, Germany) Martin Naedele (ABB Corporate Research, Switzerland) Marc Rennhard (ETH Zurich, Switzerland) Dirk Schadt (Computer Associates, Germany) Robin Sommer (Technical University Munich, Germany) Axel Tanner (IBM Research, Switzerland) Stephen Wolthusen (Fraunhofer-IGD, Germany)
Steering Committee ==================
Ulrich Flegel, University of Dortmund, Germany Michael Meier, Technical University of Cottbus, Germany
Roland Bueschkes, T-Mobile, Germany Marc Heuse, n.runs, Germany
Organization ============
Christiane Tronigger (Registration Office) NetHotels Reisebuero Betrieb-GmbH Neulinggasse 31, A-1080 Vienna, Austria Tel.: (+43-1)710 19 19, Fax.: (+43-1)710 19 20 Email: dimva2005{at}gi-fg-sidar.de (General Questions) office{at}nethotels.com (Registration, Hotel)
Christopher Kruegel (Conference Chair) Technical University Vienna, Institut for Automation Treitlstrasse 3/4. Stock, A-1040 Vienna, Austria Tel.: (+43-1)58 801-183 25, Fax.: (+43-1)58 801-183 91 Email: chris{at}auto.tuwien.ac.at
Klaus Julisch (Program Committee Chair) IBM Research GmbH, Saeumerstrasse 4, CH-8803 Rueschlikon, Switzerland Tel.: (+41-44)724 8608, Fax.: (+41-44)724 8953 Email: kju{at}zurich.ibm.com