======================================================================
              C O N F E R E N C E   P R O G R A M
======================================================================

Detection of Intrusions and Malware & Vulnerability Assessment

DIMVA 2005

July 7-8 2005
Technical University Vienna, Austria

Conference of SIG SIDAR of the German Informatics Society (GI)
in cooperation with
IEEE Task Force on Information Assurance and
IEEE Computer Society Technical Committee on Security and Privacy

http://www.dimva.org/dimva2005/
mailto:dimva2005{at}gi-fg-sidar.de

======================================================================

Thursday, July 7th
------------------

08.30 - 09.45  Registration

09.45 - 10.00  Welcome

10.00 - 11.00  Keynote
               Philip Attfield (Northwest Security Institute)

11.00 - 11.30  Coffee Break

11.30 - 12.30  Session 1: Obfuscated Code Detection

               Analyzing Memory Accesses in Obfuscated x86 Executables /
               Michael Venable, Mohamed Chouchane, Md Enamul Karim, and
               Arun Lakhotia (University of Louisiana at Lafayette, USA)

               Hybrid Engine for Polymorphic Shellcode Detection /
               Udo Payer, Peter Teufl, and Mario Lamberger (Institute of
               Applied Information Processing and Communications, Austria)

12.30 - 14.00  Lunch Break

14.00 - 15.00  Session 2: Honeypots

               Experiences Using Minos as a Tool for Capturing and
               Analyzing Novel Worms for Unknown Vulnerabilities /
               Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong
               (UC Davis, USA)

               A Pointillist Approach for Comparing Honeypots /
               Fabien Pouget (Institut Eurecom, France) and Thorsten Holz
               (RWTH Aachen University, Germany)

15.00 - 15.30  Coffee Break

15.30 - 17.00  Session 3: Vulnerability Assessment and Exploit Analysis

               Automatic Detection of Attacks on Cryptographic Protocols:
               A Case Study /
               Ivan Cibrario B., Luca Durante, Riccardo Sisto, and
               Adriano Valenzano (Politecnico di Torino, Italy)

               METAL - A Tool for Extracting Attack Manifestations /
               Ulf Larson, Emilie Lundin-Barse, and Erland Jonsson
               (Chalmers University of Technology, Sweden)

               Flow-Level Traffic Analysis of the Blaster and Sobig Worm
               Outbreaks in an Internet Backbone /
               Thomas Dübendorfer, Arno Wagner, Theus Hossmann, and
               Bernhard Plattner (ETH Zurich, Switzerland)

17.00 - 18.30  Meeting of GI - Special Interest Group SIDAR

19.00 - 24.00  Reception at Festsaal of Vienna Town Hall (Rathaus)


Friday, July 8th
----------------

09.30 - 11.00  Session 4: Anomaly Detection

               A Learning-Based Approach to the Detection of SQL Attacks /
               Fredrik Valeur, Darren Mutz, and Giovanni Vigna
               (UC Santa Barbara, USA)

               Masquerade Detection via Customized Grammars /
               Mario Latendresse (Volt Services/Northrop Grumman,
               FNMOC U.S. Navy, USA)

               A Prevention Model for Algorithmic Complexity Attacks /
               Suraiya Khan and Issa Traore (University of Victoria,
               Canada)

11.00 - 11.30  Coffee Break

11.30 - 12.30  Session 5: Misuse Detection

               Detecting Malicious Code by Model Checking /
               Johannes Kinder, Stefan Katzenbeisser, Christian
               Schallhart, and Helmut Veith (Technical University Munich,
               Germany)

               Improving the Efficiency of Misuse Detection /
               Michael Meier, Sebastian Schmerl, and Hartmut Koenig
               (Technical University of Cottbus, Germany)

12.30 - 14.00  Lunch Break

14.00 - 15.00  Session 6: Distributed Intrusion Detection and Testing

               Enhancing the Accuracy of Network-based Intrusion
               Detection with Host-based Context /
               Holger Dreger (Technical University Munich, Germany),
               Christian Kreibich (University of Cambridge, UK),
               Vern Paxson (ICSI and LBNL, USA), and Robin Sommer
               (Technical University Munich, Germany)

               TCPtransform: Property-Oriented TCP Traffic
               Transformation /
               Seung-Sun Hong, Fiona Wong, S. Felix Wu (UC Davis, USA),
               Bjorn Lilja, Tony Y. Jansson, Henric Johnson, and
               Arne Nelsson (Blekinge Institute of Technology, Sweden)

15.00 - 15.30  Lunch Break

15.30 - 17.00  Session 7: Industry Session

               Implementation of Honeytoken Module in DBMS Oracle 9iR2
               Enterprise Edition for Internal Malicious Activity
               Detection /
               Antanas Cenys, Darius Rainys, Lukas Radvilavicius
               (Information Systems Laboratory, Lithuania), and
               Nikolaj Goranin (Vilnius Gediminas Technical University,
               Lithuania)

               Function Call Tracing Attacks To Kerberos 5 /
               Julian Rrushi and Emilia Rosti (Universita degli Studi di
               Milano, Italy)

               Combining IDS and Honeynet Methods for Improved Detection
               and Automatic Isolation of Compromised Systems /
               Stephan Riebach, Birger Toedtmann, and Erwin Rathgeb
               (University Duisburg-Essen, Germany)

17.00 - 17.15  Closing Remarks