France Telecom Group

Fifth Conference on
Detection of Intrusions and Malware & Vulnerability Assessment

DIMVA 2008

July 10-11th, 2008
Paris, France
Conference of SIG SIDAR
of the German Informatics Society (GI)


Submission guidelines
Call for Papers
Travel information
Conference program
Registration form

DIMVA 2008: Program

10th July (Thursday)
8:30    Registration
9:00    Opening remarks
slides pictures
9:15    Session: Malware detection and prevention (I) (chair: Ludovic Me)
Dynamic Binary Instrumentation-based Framework for Malware (Virus) Defense
Najwa Aaraj, Anand Raghunathan, Niraj K. Jha
slides paper pictures
Embedded Malware Detection using Markov n-grams
M. Zubair Shafiq, Syed Ali Khayam, Muddassar Farooq
slides paper pictures
Learning and Classification of Malware Behavior
Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick DŘssel, Pavel Laskov
slides paper pictures
10:45    Coffee break
11:15    Session: Attack prevention (chair: John McHugh)
Data Space Randomization (DSR)
Sandeep Bhatkar, R. Sekar
slides paper pictures
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
Prithvi Bisht, V.N. Venkatakrishnan
slides paper pictures
VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges
Brett Stone-Gross, David Sigal, Rob Cohn, John Morse, Kevin Almeroth, Christopher Kruegel
paper pictures
12:45    Lunch
14:00    Keynote talk: "The Future of Network Security Monitoring", Richard Bejtlich, Director of Incident Response, General Electric
Abstract: Richard Bejtlich explored Network Security Monitoring (NSM) in his first book, the Tao of Network Security Monitoring: Beyond Intrusion Detection, in 2004. Richard based his discussion on a historical foundation reaching back to the early 1990s. In this talk, Richard will briefly explore that history and provide context for current NSM implementations. Richard will then look forward to see how NSM fits in a world where the cloud is the computer, most endpoints are terminals (again), and the network is one of many simultaneous connections not under control of the IT department.
Speaker bio:Richard Bejtlich is Director of Incident Response for General Electric. Prior to joining GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." He also writes for his blog (
slides pictures
15:15    Coffee break
15:45    Session: Attack techniques and Vulnerability assessment (chair: Ulrich Flegel)
On Race Vulnerabilities in Web Applications
Roberto Paleari, Davide Marrone, Danilo Bruschi, Mattia Monga
slides paper pictures
On the Limits of Information Flow Techniques for Malware Analysis and Containment
Lorenzo Cavallaro, Prateek Saxena, R. Sekar
slides paper pictures


11th July (Friday)
8:30    Registration
09:00    Keynote talk: "From Virtual Machines to Virtual Infrastructure: How Virtualization is Reshaping the Enterprise and What this Means for Security", Tal Garfinkel, VMware/Stanford University
Abstract:The move to virtual machine based computing platforms is perhaps the most significant change in how enterprise computing systems have been built in the past decade. In this talk Tal Garfinkel will look at how virtualization is reshaping the way that enterprise data centers are built and managed. He will then share some of the challenges and surprises encountered along the way. Finally, he will explore the unique opportunities these changes are offering to rethink how we design host and network security.
Speaker bio:Tal Garfinkel is a senior scientist in the advanced development group at VMware where he splits his time between developing new technologies and setting the direction for the core platform security architecture. He is currently completing a PhD at Stanford University and holds a bachelor's degree in computer science from the University of California, Berkeley.
10:15    Coffee break
10:45    Session: Malware detection and prevention (II) (chair: Sven Dietrich)
Expanding Malware Defense by Securing Software Installations
Weiqing Sun, R. Sekar, Zhenkai Liang, V.N. Venkatakrishnan
slides paper pictures
FluXOR: detecting and monitoring fast-flux service networks
Emanuele Passerini, Roberto Paleari, Lorenzo Martignoni, Danilo Bruschi
slides paper pictures
Traffic Aggregation for Malware Detection
Ting-Fang Yen, Michael Reiter
slides paper pictures
12:15    Lunch
13:45    Rump session (chair: Sven Dietrich)
14:45    Coffee break
15:15    Session: Intrusion detection and Activity correlation (chair: Bernhard Haemmerli)
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors
Carrie Gates, John McHugh
slides paper
The Quest for Multi-headed Worms
Van-Hau Pham, Marc Dacier, Guillaume Urvoy-Keller, Taoufik En-Najjary
slides paper
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems
Leo Juan, Christian Kreibich, Chih-Hung Lin, Vern Paxson
slides paper
16:45    Concluding remarks

Organized by France TÚlÚcom - Orange Labs