Conference Program

Thursday, July 12

9:00-9:15 Opening remarks
9:15-10:30 Keynote
  Considerations and Pitfalls for Conducting Intrusion Detection Research
Vern Paxson (International Computer Science Institute & Lawrence Berkeley National Laboratory)
10:30-11:00 Coffee break
11:00-12:30 Session 1 - Web Security
 Session chair: Christian Kreibich
  Extensible Web Browser Security
Mike Ter Louw, Jin Soon Lim and V.N. Venkatakrishnan
  On the Effectiveness of Techniques to Detect Phishing Sites
Christian Ludl, Sean McAllister, Engin Kirda and Christopher Kruegel
  Protecting the Intranet Against “JavaScript Malware” and Related Attacks
Martin Johns and Justus Winter
12:30-14:00 Lunch
14:00-15:15 Session 2 - Intrusion Detection
 Session chair: Michael Meier
  On the Effects of Learning Set Corruption in Anomaly-based Detection of Web Defacements
Eric Medvet and Alberto Bartoli
  Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract)
Krzysztof Brzezinski
  Characterizing the Remote Control Behavior of Bots
Elizabeth Stinson and John Mitchell
15:15-15:45 Coffee break
15:45-17:00 Session 3 - Traffic Analysis
 Session chair: Ulrich Flegel
  Measurement and Analysis of Autonomous Spreading Malware in a University Environment
Jan Goebel, Thorsten Holz and Carsten Willems
  Passive Monitoring of DNS Anomalies (Extended Abstract)
Bojan Zdrnja, Nevil Brownlee and Duane Wessels
  Characterizing Dark DNS Behavior
Jon Oberheide, Manish Karir and Zhuoqing Mao
17:00-17:30 Meeting of GI SIG SIDAR (open for all interested attendees)
17:30 Transfer to Conference Dinner
At dinner Invited Talk
  Aspects of ITSEC in the Swiss e-Government-Program
Peter Trachsel (Deputy Head of Federal Strategic Unit for IT, Switzerland)

Friday, July 13

9:00-10:15 Invited Talk
  SCADA Systems: Challenges to Security Assessment and Testing
Marcelo Masera (Institute for the Protection and Security of the Citizen at the Joint Research Centre of the European Commission)
10:15-10:45 Coffee break
10:45-11:45 Session 4 - Network Security
 Session chair: Hervé Debar 
  Distributed Evasive Scan Techniques and Countermeasures
Min Gyung Kang, Juan Caballero and Dawn Song
  On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
Jaeyeon Jung, Rodolfo Milito and Vern Paxson
11:45-12:30 Rump Session
 Session chair: Sven Dietrich
12:30-14:00 Lunch
14:00-15:30 Session 5 - Host Security
 Session chair: Christopher Kruegel
  Hacking in Physically Addressable Memory
David R. Piegdon and Lexi Pimenidis
  Static Analysis on x86 Executable for Preventing Automatic Mimicry Attacks
Danilo Bruschi, Lorenzo Cavallaro and Andrea Lanzi
  A Study of Malcode-Bearing Documents
Wei-Jen Li, Salvatore Stolfo, Angelos Stavrou, Elli Androulaki and Angelos Keromytis
16:00-16:30 Results of the CIPHER3 contest
 Lexi Pimenidis 
16:30-16:45 Concluding remarks

Invited Talks

Considerations and Pitfalls for Conducting Intrusion Detection Research (Slides are online)
Vern Paxson
International Computer Science Institute, Lawrence Berkeley National Laboratory

Much of the field of intrusion detection has developed in an ad hoc fashion due to its reactive nature coupled with the continually evolving problem domain. As a consequence, work in this area is particularly fraught with difficulties regarding how to pursue research recognized as sound and persuasive. This talk aims to frame a number of considerations and pitfalls in this regard, drawing upon the speaker's experience on more than 20 security-related program committees, and serving as program chair for the USENIX Security Symposium and two terms as program co-chair for the IEEE Symposium on Security and Privacy.


SCADA Systems: Challenges to Security Assessment and Testing
Marcelo Masera
Institute for the Protection and Security of the Citizen, Joint Research Centre of the European Commission

Industrial control systems (aka SCADA) have been neglected from the security viewpoint, but in the current world of pervasive connection their vulnerability and potential threats have to be explored. SCADA are key components of critical systems, such as power, gas and oil, chemical, pharmaceutical, and manufacturing installations. Their failure can cause severe damage, not just to their industrial setting, but to society at large. Access to the Internet is not only an unwanted trait, but it is required for maintenance and updating purposes. Therefore it cannot be ignored, and it has to be factored in with all the related security implications. Many lessons can be drawn from typical information systems, but SCADA present some particular features, e.g. they generally cannot be stopped or rebooted as part of an experiment. Specific strategies for their protection and assessment are needed. More specifically, there is an urgent requirement for developing dedicated test-beds in which to try, experiment and resolve security issues. As practitioners of the computer science and information technology field know little of industrial control, and those specialised in the latter normally have less experience in ICT security, there could be great advantages in establishing a link between these communities.