Recent Advances in Intrusion Detection: 5th International Symposium, RAID 2002, Zurich, Switzerland, October 16-18, 2002, Proceedings

Andreas Wespi, Giovanni Vigna, Luca Deri
Springer Science & Business Media, Oct 2, 2002 - Technology & Engineering - 327 pages
On behalf of the program committee, it is our pleasure to present to you the proceedings of the Fifth Symposium on Recent Advances in Intrusion Detection (RAID). Since its first edition in 1998, RAID has established itself as the main annual intrusion detection event, attracting researchers, practitioners, and vendors from all over the world.

The RAID 2002 program committee received 81 submissions (64 full papers and 17 extended abstracts) from 20 countries. This is about 50% more than last year. All submissions were carefully reviewed by at least three program committee members or additional intrusion-detection experts according to the criteria of scientific novelty, importance to the field, and technical quality. Final selection took place at a meeting held on May 15–16, 2002, in Oakland, USA. Sixteen full papers were selected for presentation and publication in the conference proceedings. In addition, three extended abstracts of work in progress were selected for presentation.

The program included both fundamental research and practical issues. The seven sessions were devoted to the following topics: anomaly detection, stepping-stone detection, correlation of intrusion-detection alarms, assessment of intrusion-detection systems, intrusion tolerance, legal aspects, adaptive intrusion-detection systems, and intrusion-detection analysis. RAID 2002 also hosted a panel on “Cybercrime,” a topic of major concern for both security experts and the public. Marcus J. Ranum, the founder of Network Flight Recorder, Inc., delivered a keynote speech entitled “Challenges for the Future of Intrusion Detection”.
 


Contents

Detecting Long Connection Chains of Interactive Terminal Sessions (p. 1)
Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay (p. 17)
Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses (p. 36)
Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits (p. 54)
Analyzing Intensive Intrusion Alerts via Correlation (p. 74)
A Mission-Impact-Based Approach to INFOSEC Alarm Correlation (p. 95)
A Formal Data Model for IDS Alert Correlation (p. 115)
Development of a Legal Framework for Intrusion Detection (p. 138)
Learning Unknown Attacks - A Start (p. 158)
Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems (p. 177)
A Stochastic Model for Intrusions (p. 199)
Formal Grammar-Based Framework and Simulation Tool (p. 219)
Capacity Verification for High Speed Network Intrusion Detection Systems (p. 239)
Performance Adaptation in Real-Time Intrusion Detection Systems (p. 252)
Accurate Buffer Overflow Detection via Abstract Payload Execution (p. 274)
Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level (p. 292)
The Effect of Identifying Vulnerabilities and Patching Software on the Utility of Network Intrusion Detection (p. 307)
Author Index (p. 327)
