First International Workshop on the Recent Advances in Intrusion Detection

Cryptome DVDs. Donate $25 for two DVDs of the Cryptome collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

31 July 1998

Date: Fri, 31 Jul 1998 16:01:25 +0200
From: dac@zurich.ibm.com (Marc Dacier)
To: cypherpunks@toad.com
Subject: RAID98: Call For Registration

Call For Registration - RAID'98

First International Workshop on the Recent Advances in Intrusion Detection

Sponsored by the IBM Emergency Response Service (http://www.ers.ibm.com)
and the Joint Research Centre of the EC (Institute for Systems, Informatics and Safety)
(http://ntsta.jrc.it)

September 14-16, 1998

Louvain-la-Neuve, Belgium

***********************************************************************

Visit our web site

http://www.zurich.ibm.com/~dac/RAID98

for on-line information regarding the preliminary program, the registration forms, accommodations, maps, etc..

***********************************************************************

RAID'98 is the first in an anticipated annual series of international
workshops that will bring together leading figures from academia,
government, and industry to ponder the current state of intrusion
detection1 technologies and paradigms from the research and commercial
perspectives. Its aim is to further progress in intrusion detection
by promoting the exchange of ideas among researchers, system
developers, and users and by encouraging links between these groups.

RAID'98 will be held in Louvain-la-Neuve, Belgium, on 14-16 September
1998. RAID'98 will be held in the same location as CARDIS'98
(http://www.dice.ucl.ac.be/cardis98) and ESORICS'98
(http://www.dice.ucl.ac.be/esorics98), at the same time as the former
and just prior to the latter. A registration discount is available to
those attending both the ESORICS conference and the RAID workshop.

Registration is now open, and will continue until 21 August 1998. Late
registration will continue until 4 September 1998, but only on a
space-available basis, and will include a penalty of 2000 BEF. If you
need more information regarding registration or accommodations, please
take contact with Catherine Rouyer

E-mail: Rouyer@tele.ucl.ac.be

RAID Secretariat
UCL/TELE (Mrs. Catherine Rouyer)
Place du Levant, 2
B-1348 Louvain-la-Neuve
Belgium

************************** PRELIMINARY PROGRAM *************************

html version available: http://www.zurich.ibm.com/~dac/RAID98

MONDAY SEPTEMBER 14,1998
========================

8:00 9:00
Transfers from hotels, coffee service and participant check-in

Session 1 (Session Chair: Kathleen Jackson)
-------------------------------------------

9:00 - 9:20
Welcome and Introduction
Marc Dacier (IBM ZRL, Switzerland), Jean-Jacques
Quisquater (UCL, Belgium).

9:20 - 9:40
The Rome Labs Experience
Kevin Ziese (Cisco Systems, Inc., USA)

9:40 - 10:00
Intrusion Detection and Legal Proceedings
Peter Sommer (London School of Economics and Political Science, UK)

10:00 - 10:20
Lessons Learned in the Implementation of a
Multi-Location Network Based Real Time Intrusion Detection System
Michael Puldy (IBM Emergency Response Service, USA)

10:20 - 10:40
Break - Coffee service

Session 2 (Session Chair: Baudouin Le Charlier)
------------------------------------------------

10:40 - 11:00
GASSATA, A Genetic Algorithm as an Alternative Tool for
Security Audit Trails Analysis
Ludovic Me (SUPELEC, France)

11:00 - 11:20
Using Bottleneck Verification to Find Novel New Attacks
with a Low False Alarm Rate
Richard Lippmann (MIT Lincoln Laboratory, USA)

11:20 - 11:40
The Use of Information Retrieval Techniques for Intrusion Detection
Ross Anderson (University of Cambridge, UK)

11:40 - 12:00
Tools for Intrusion detection: Results and Lessons
Learned from the ASAX Project
      Abdelaziz. Mounji (Computer Science Institute, Belgium)

12:00 - 13:30
Lunch

Session 3   (Session Chair: Yves Deswarte)
-------------------------------------------

13:30 - 13:50
Dependability of Large-scale Infrastructures and
Challenges for Intrusion Detection
      Marc Wilikens (Institute for Systems, Informatics and Safety, Italy)

13:50 - 14:10
How Re(Pro)active Should An IDS Be?
Richard Overill (King's College London, UK)

14:10 - 14:30
Contribution of Quantitative Security Evaluation to Intrusion Detection
Yves Deswarte (LAAS-CNRS & INRIA, France)

14:30 - 14:50
Intrusion Detection in Telecommunication
      Hai-Ping Ko (GTE Laboratories Incorporated, USA)

14:50 - 15:10
Break - Beverages

Session 4   (Session Chair: TBD)
---------------------------------

15:10 - 15:30
Problems with Networkbased Intrusion Detection for Enterprise Computing
      Thomas Daniels (Purdue University, USA)

15:30 - 15:50
Transitioning IDS Research Into a Viable Product
Mark Crosbie (Hewlett-Packard Corporation, USA)

15:50 - 16:10
Enhanced Network Intrusion Detection in a Smart Enterprise Environment
Ricci Ieong (Hong Kong University of Science and Technology, Hong Kong)

16:10 - 16:30
Integrating Intrusion Detection into the Network/Security Infrastructure
      Mark Wood (Internet Security Systems, Inc, USA)

16:30 - 16:50
Break - Refreshments

Session 5 (Panel Chair: Rowena Chester)
---------------------------------------

16:50 - 18:00
The Nature and Utility of Standards Organizations
for the Intrusion Detection Developers Community

      Participants
        Dick Brackney (NSA)
        Rowena Chester (Chair NCITS (ANSI) T4 Committee)
        Roger French (Compaq)
        Walter Fumy (Chair ISO SC27)
        Larry Nelson (AT&T)
        Vern Paxson (LBNL)
        Gene Spafford (Purdue University)
        Mark Zalewski (Chair TC68)

18:00 - 19:30
Transfers to and from hotels

19:30 - 22:00
Banquet

22:00
Transfers to hotels

TUESDAY SEPTEMBER 15,1998
=========================

8:00 9:00
Transfers from hotels and coffee service

Session 6 (Session Chair: Timothy Grance)
--------------------------------------------

9:00 - 9:20
Measuring Intrusion Detection Systems
Roy Maxion (Carnegie Mellon University, USA)

9:20 - 9:40
The 1998 DARPA/AFRL Off-line Intrusion Detection Evaluation
Richard Lippmann (MIT Lincoln Laboratory, USA)

9:40 - 10:00
Securing Network Audit Logs on Untrusted Machines
Bruce Schneier (Counterpane Systems, USA)

10:00 - 10:20
Intrusion Detection and User Privacy - A Natural Contradiction?
Roland Bueschkes (Aachen University of Technology, Germany)

10:20 - 10:40
Break - Coffee Service

Session 7 (Session Chair: Marc Dacier)
----------------------------------------

10:40 - 11:00
Design and Implementation of an Intrusion Detection System
for OSPF Routing Networks
Y. Frank Jou (MCNC, USA)

11:00 - 11:20
Designing IDLE: The Intrusion Data Library Enterprise
Ulf Lindqvist (Chalmers University of Technology, Sweden)

11:20 - 11:40
Design and Implementation of a Sniffer Detector
Stephane Grundschober (IBM Zurich Research Laboratory, Switzerland)

11:40 - 12:00
The Application of Artificial Neural Networks to Misuse Detection:
Initial Results
      James Cannady (Georgia Tech Research Institute, USA)

12:00 - 13:30
Lunch

Session 8   (Session Chair: Deborah Frincke)
---------------------------------------------

13:30 - 13:50
AAFID: Autonomous Agents for Intrusion Detection
      Diego Zamboni (Purdue University, USA)

13:50 - 14:10
Research Issues in Cooperative Intrusion Detection Between Multiple Domains
Deborah Frincke (University of Idaho, USA)

14:10 - 14:30
A Large-scale Distributed Intrusion Detection Framework
Based on Attack Strategy Analysis
Ming-Yuh Huang (The Boeing Company, USA)

14:30 - 14:50
NIDAR: The Design and Implementation of an Intrusion Detection System
      Ong Tiang Hwee (DSO National Laboratories, Singapore)

14:50 - 15:10
Break - Beverages

Session 9   (Session Chair: Peter Sommer)
------------------------------------------

15:10 - 15:30
A UNIX Anomaly Detection System using Self-Organising Maps
      Albert Hoeglund (Nokia Research Center, Finland)

15:30 - 15:50
Evaluating a Real-time Anomaly-based Intrusion Detection System
Tobias Ruighaver (University of Melbourne, Australia)

15:50 - 16:10
Audit Trail Pattern Analysis for Detecting Suspicious Process Behavior
Andreas Wespi (IBM Zurich Research Laboratory, Switzerland)

16:10 - 16:30
An Immunological Approach to Distributed Network Intrusion Detection
Steven A. Hofmeyr (University of New Mexico, USA)

16:30 - 16:50
Break - Refreshments

Session 10 (Session Chair: Kevin Ziese)
----------------------------------------

16:50 - 17:10
The Limitations of Intrusion Detection Systems on High Speed Networks
Joe Kleinwaechter (Internet Security Systems, Inc, USA)

17:10 - 17:30
CERN Network Security Monitor
Paolo Moroni (CERN, Switzerland)

17:30 - 17:50
HAXOR - A Passive Network Monitor/Intrusion Detection Sensor
Alan Boulanger (IBM Watson Research Center, USA)

17:50 - 18:10
Using Bro to detect network intruders: experiences and status
      Vern Paxson (Lawrence Berkeley National Laboratory, USA)

18:10 - 19:30
Reception

19:30
Transfers to hotels

WEDNESDAY SEPTEMBER 16,1998
===========================

8:00 - 8:40
Transfers from hotels and coffee service

Session 11 (Panel Chair: Gene Spafford)
----------------------------------------

8:40 - 10:00
Intrusion Detection in the Large
    Participants
      Dick Brackney (NSA)
      Deborah Frincke (University of Idaho)
      Michel Miqueu (CNES)
      Jean-Jacques Quisquater (UCL, Belgium)
      Gene Spafford (Purdue University)
      Marc Wilikens (Institute for Systems, Informatics and Safety)
      Kevin Ziese (Cisco/Wheelgroup)

10:00
Adjourn