On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 7th Symposium on Recent Advances in Intrusion Detection (RAID 2004), which took place in Sophia-Antipolis, French Riviera, France, September 15–17, 2004. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection from research as well as commercial perspectives. We also encouraged discussions that addressed issues that arise when studying intrusion detection, including information gathering and monitoring, from a wider perspective. Thus, we had sessions on detection of worms and viruses, attack analysis, and practical experience reports. The RAID 2004 Program Committee received 118 paper submissions from all over the world. All submissions were carefully reviewed by several members of the Program Committee and selection was made on the basis of scientific novelty, importance to the field, and technical quality. Final selection took place at a meeting held May 24 in Paris, France. Fourteen papers and two practical experience reports were selected for presentation and publication in the conference proceedings. In addition, a number of papers describing work in progress were selected for presentation at the symposium. The keynote address was given by Bruce Schneier of Counterpane Systems. Håkan Kvarnström of TeliaSonera gave an invited talk on the topic “Fighting Fraud in Telecom Environments.” A successful symposium is the result of the joint effort of many people.
Author(s): Lap Chung Lam, Tzi-cker Chiueh (auth.), Erland Jonsson, Alfonso Valdes, Magnus Almgren (eds.)
Series: Lecture Notes in Computer Science 3224
Edition: 1
Publisher: Springer-Verlag Berlin Heidelberg
Year: 2004
Language: English
Pages: 322
Tags: Management of Computing and Information Systems; Computers and Society; Data Encryption; Computer Communication Networks; Operating Systems
Front Matter....Pages -
Automatic Extraction of Accurate Application-Specific Sandboxing Policy....Pages 1-20
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths....Pages 21-38
HoneyStat: Local Worm Detection Using Honeypots....Pages 39-58
Fast Detection of Scanning Worm Infections....Pages 59-81
Detecting Unknown Massive Mailing Viruses Using Proactive Methods....Pages 82-101
Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection....Pages 102-124
Attack Analysis and Detection for Ad Hoc Routing Protocols....Pages 125-145
On the Design and Use of Internet Sinks for Network Abuse Monitoring....Pages 146-165
Monitoring IDS Background Noise Using EWMA Control Charts and Alert Information....Pages 166-187
Symantec Deception Server Experience with a Commercial Deception System....Pages 188-202
Anomalous Payload-Based Network Intrusion Detection....Pages 203-222
Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix....Pages 223-237
Seurat: A Pointillist Approach to Anomaly Detection....Pages 238-257
Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds....Pages 258-277
Formal Reasoning About Intrusion Detection Systems....Pages 278-295
RheoStat: Real-Time Risk Management....Pages 296-314
Back Matter....Pages -