Conference on
Detection of Intrusions and Malware & Vulnerability Assessment

DIMVA 2005

July 7-8, 2005
Vienna, Austria


Conference of SIG SIDAR
of the German Informatics Society (GI).

In cooperation with the IEEE Task Force on Information Assurance
and the IEEE Computer Society Technical Committee on Security and Privacy.


Conference Program

Thursday 2005-07-07
08.30 - 09.45   Registration
09.45 - 10.00   Welcome
Christopher Kruegel (Technical University Vienna, Austria) and Klaus Julisch (IBM Zurich, Switzerland)
10.00 - 11.00   Keynote
Philip Attfield (Northwest Security Institute)
11.00 - 11.30   Coffee Break
11.30 - 12.30   Session 1: Obfuscated Code Detection
Analyzing Memory Accesses in Obfuscated x86 Executables
Michael Venable, Mohamed Chouchane, Md Enamul Karim, and Arun Lakhotia (University of Louisiana at Lafayette, USA)
Hybrid Engine for Polymorphic Shellcode Detection
Udo Payer, Peter Teufl, and Mario Lamberger (Institute of Applied Information Processing and Communications, Austria)
12.30 - 14.00   Lunch Break
14.00 - 15.00   Session 2: Honeypots
Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities
Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong (UC Davis, USA)
A Pointillist Approach for Comparing Honeypots
Fabien Pouget (Institut Eurecom, France) and Thorsten Holz (RWTH Aachen University, Germany)
15.00 - 15.30   Coffee Break
15.30 - 17.00   Session 3: Vulnerability Assessment and Exploit Analysis
Automatic Detection of Attacks on Cryptographic Protocols: A Case Study
Ivan Cibrario B., Luca Durante, Riccardo Sisto, and Adriano Valenzano (Politecnico di Torino, Italy)
METAL - A Tool for Extracting Attack Manifestations
Ulf Larson, Emilie Lundin-Barse, and Erland Jonsson (Chalmers University of Technology, Sweden)
Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone
Thomas Dübendorfer, Arno Wagner, Theus Hossmann, and Bernhard Plattner (ETH Zurich, Switzerland)
17.00 - 18.30   Meeting of GI SIG SIDAR
19.00 - 24.00   Dinner Reception (Vienna City Hall)
Additional dinner tickets can be purchased at the conference.

Friday 2005-07-08
09.30 - 11.00   Session 4: Anomaly Detection
A Learning-Based Approach to the Detection of SQL Attacks
Fredrik Valeur, Darren Mutz, and Giovanni Vigna (UC Santa Barbara, USA)
Masquerade Detection via Customized Grammars
Mario Latendresse (Volt Services/Northrop Grumman, FNMOC U.S. Navy, USA)
A Prevention Model for Algorithmic Complexity Attacks
Suraiya Khan and Issa Traore (University of Victoria, Canada)
11.00 - 11.30   Coffee Break
11.30 - 12.30   Session 5: Misuse Detection
Detecting Malicious Code by Model Checking
Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith (Technical University Munich, Germany)
Improving the Efficiency of Misuse Detection
Michael Meier, Sebastian Schmerl, and Hartmut Koenig (Technical University of Cottbus, Germany)
12.30 - 14.00   Lunch Break
14.00 - 15.00   Session 6: Distributed Intrusion Detection and Testing
Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context
Holger Dreger (Technical University Munich, Germany), Christian Kreibich (University of Cambridge, UK), Vern Paxson (ICSI and LBNL, USA), and Robin Sommer (Technical University Munich, Germany)
TCPtransform: Property-Oriented TCP Traffic Transformation
Seung-Sun Hong, Fiona Wong, S. Felix Wu (UC Davis, USA), Bjorn Lilja, Tony Y. Jansson, Henric Johnson, and Arne Nelsson (Blekinge Institute of Technology, Sweden)
15.00 - 15.30   Coffee Break
15.30 - 17.00   Session 7: Industry Session
Implementation of Honeytoken Module in DBMS Oracle 9iR2 Enterprise Edition for Internal Malicious Activity Detection
Antanas Cenys, Darius Rainys, Lukas Radvilavicius (Information Systems Laboratory, Lithuania), and Nikolaj Goranin (Vilnius Gediminas Technical University, Lithuania)
Function Call Tracing Attacks To Kerberos 5
Julian Rrushi and Emilia Rosti (Universita degli Studi di Milano, Italy)
Combining IDS and Honeynet Methods for Improved Detection and Automatic Isolation of Compromised Systems
Stephan Riebach, Birger Toedtmann, and Erwin Rathgeb (University Duisburg-Essen, Germany)
17.00 - 17.15   Closing Remarks


