RAID 2000 Preliminary Program

The RAID 2000 program allows you to access information made available by the presenters. RAID received three kinds of proposals, full papers, abstracts and panels. Papers are published by Springer Verlag as Lecture Notes in Computer Science #1907. The extended abstracts and panel descriptions are available by following the links in the program.

October 2nd, 2000

8h00 - 9h30	Registration of participants
9h30 - 9h45	Welcome
9h45 - 11h00	Session 1: Logging - Chair: Deborah Frincke (University of Idaho, USA)
	Better Logging Through Formality: Applying Formal Specification Techniques to Improve Audit Logs and Log Consumers Chapman Flack and Mikhail J. Atallah (CERIAS/Purdue University, USA) A Pattern Matching Based Filter for Audit Reduction and Fast Detection of Potential Intrusions Josué Kuri (ENST, France), Gonzalo Navarro (University of Santiago, Chile), Ludovic Mé and Laurent Heye (Supelec, France) Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection Joachim Biskup and Ulrich Flegel (University of Dortmund, Germany)
11h00 - 11h20	Coffee break
11h20 - 12h40	Session 2: Data Mining - Chair: S. Felix Wu (University of California Davis, USA)
	A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions Wenke Lee, Rahul A. Nimbalkar, Kam K. Yee, Sunil B. Patil, Pragneshkumar H. Desai (North Carolina State University, USA), Salvatore Stolfo (Columbia University, USA) Using Finite Automata to Mine Execution Data for Intrusion Detection: a Preliminary Report C. C. Michael and Anup K. Ghosh (Reliable Software Technologies, USA) Review and Outlook of the Detection of Viruses using Intrusion Detection Systems Morton Swimmer (IBM T.J. Watson Research Laboratory, USA)
12h40 - 14h00	Lunch
14h00 - 15h40	Session 3: Modeling process behavior - Chair: Ludovic Mé (Supelec, France)
	Adaptive, Model-based Monitoring for Cyber Attack Detection (Slides) Alfonso Valdes (SRI International, USA) A Real-Time Intrusion Detection System Based on Learning Program Behavior Anup K. Ghosh, Chris Michael, and Michael Schatz (Reliable Software Technologies, USA) Intrusion detection using variable-length audit trail patterns Andreas Wespi, Marc Dacier, and Hervé Debar (IBM Zurich Research Laboratory, Switzerland) Flexible intrusion detection using variable-length behavior modeling in distributed environment: application to CORBA objects Zakia Marrakchi, Ludovic Mé, Bernard Vivinis and Benjamin Morin (Ecole Supérieure d'Electricité, France)
15h40 - 16h00	Coffee break
16h00 - 17h30	Panel 1: Deployment of IDSes - Chair: Marc Dacier (IBM Zurich Research Laboratory, Switzerland) Participants: Richard Blanchet (Renault, France) Ming-Yuh Huang (The Boeing Company, USA) Peter Troxell (IBM Emergency Response Service, USA)
18h30	Reception at the chamber of commerce

October 3rd, 2000

9h00 - 10h40	Session 4: IDS Evaluation - Chair: Tim Grance (National Institute of Standards and Technology, USA)
	The 1998 Lincoln Lab IDS Evaluation - a critique John McHugh (CERT, USA) The 1999 DARPA Off-Line Intrusion Detection Evaluation Richard Lippmann, Joshua W. Haines, David J. Fried, Jonathan Korba, Kumar Das (MIT Lincoln Laboratory, USA) Using Rule-Based Activity Descriptions to Evaluate Intrusion-Detection Systems Dominique Alessandri (IBM Zurich Research Laboratory, Switzerland) Benchmarking a distributed intrusion detection system based on ASAX: Preliminary results Véronique Abily and Mireille Ducassé (IRISA/INSA de Rennes, France)
10h40 - 11h00	Coffee break
11h00 - 12h40	Session 5: Modeling - Chair: Vern Paxson (ACIRI/LBL, USA)
	LAMBDA: A Language to Model a Database for Detection of Attacks Frédéric Cuppens and Rodolphe Ortalo (ONERA Centre de Toulouse, France) Target Naming and Service Apoptosis James Riordan and Dominique Alessandri (IBM Zurich Research Laboratory, Switzerland) Improving Network Security Using Ntop (NTOP homepage) Luca Deri and Stefano Suin (University of Pisa, Italy) Supporting Intrusion Detection by Graph Clustering and Graph Drawing Jens Toelle (University of Bonn, Germany) and Oliver Niggemann (University of Paderborn, Germany)
12h40 - 14h00	Lunch
14h00 - 15h40	Session 6: Legals & Standards - Chair: Kevin J. Ziese (Cisco Systems, USA)
	Early Warning & Threat Assessment for Information Assurance (Slides powerpoint) Dr. Andrew Rathmell, Mr Jim Dorschner, Mr Michael Knights & Mr Leon Watkins (King's College London, UK) The Application of Intrusion Detection Systems in a Forensic Environment Peter Stephenson (Netigy Corporation, USA and Oxford Brookes University, UK) IDWG: Progress towards an open IDS alert standard (txt) Stuart Staniford-Chen (Silicon Defense, USA) IDS/A: An Interface between Intrusion Detection System and Application Andrew Hutchison and Marc Welz (University of Capetown, South Africa)
15h40 - 16h00	Coffee break
16h00 - 18h00	Panel 2: The DDoS Attacks - Chairman: Jon David (Lehman Brothers) Participants: Robert Stone (UUNET Technologies, Inc) Vern Paxson (ACIRI/LBNL) Matt Blaze (AT&T Labs) John Ioannidis (AT&T Labs)
19h30	Conference Banquet

October 4th, 2000

9h00 - 10h40	Session 7: Handling intrusion-detection data - Chair: Hervé Debar (France Télécom R&D, France)
	Dealing with False Positives in Intrusion Detection Klaus Julisch (IBM Zurich Research Laboratory, Switzerland) Detecting Source Code of Attacks that Increase Privilege Robert K. Cunningham and Antonio Rieser (MIT Lincoln Laboratory, USA) Handling Generic Intrusion Signatures is not Trivial Jean-Philippe Pouzol and Mireille Ducassé (IRISA/INSA de Rennes, France) Visualization of Intrusion Detection Data (txt) Tim Farley (Internet Security Systems, USA)
10h40 - 11h00	Coffee break
11h00 - 12h15	Session 8: Advanced techniques for intrusion detection - Chair: Marc Dacier (IBM Zurich Research Laboratory, Switzerland)
	Adaptation of Intrusion Detection Techniques to System Availability Monitoring (Slides) Alfonso Valdes and Keith Skinner (SRI International, USA) Design and implementation issues for embedded sensors in intrusion detection (txt) Eugene H. Spafford and Diego Zamboni (CERIAS/Purdue University, USA) Network Intrusion Location Using Markov Decision Processes T. Darling and M. A. Shayman (University of Maryland, USA)

Please contact Hervé Debar for any questions related to the RAID 2000 program.