RAID 2001 Program
Papers accepted for publication are made available by Springer Verlag as Lecture Notes in Computer Science 2212. Papers that are not contained in the proceedings as well as additional information provided by the authors are available by following the links in the program.

Wed, October 10th, 2001

8h00 - 9h30	Registration of participants
9h30 - 9h45	Welcome (Slides)
9h45 - 11h15	Session 1: Logging and IDS Integration - Chair: Ming-Yuh Huang (Boeing Applied Research and Technology, USA)
	A Building Block Approach to Intrusion Detection (Paper, Slides) Mark J. Crosbie (Hewlett-Packard Company, USA) and Benjamin A. Kuperman (CERIAS, Purdue University, USA) Application-Integrated Data Collection for Security Monitoring (Abstract, Slides) Magnus Almgren and Ulf Lindqvist (SRI International, USA) Interfacing Trusted Applications with Intrusion Detection Systems (Abstract, More Information) Marc Welz and Andrew Hutchison (University of Cape Town, South Africa)
11h15 - 11h45	Coffee break
11h45 - 12h45	Session 2: Modeling Attacks - Chair: Calvin Ko (Network Associates, USA)
	From Declarative Signatures to Misuse IDS (Abstract, Slides) Jean-Philippe Pouzol and Mireille Ducassé (IRISA/INSA de Rennes, France) Translating Snort Rules to STATL Scenarios (Paper, Slides) Steve T. Eckmann (UC Santa Barbara, USA)
12h45 - 14h00	Lunch
14h00 - 15h30	Session 3: Anomaly Detection (1) - Chair: Wenke Lee (Georgia Institute of Technology, USA)
	Accurately Detecting Source Code of Attacks that Increase Privilege (Abstract) Robert K. Cunningham and Craig S. Stevenson (MIT Lincoln Laboratory, USA) CDIS: Towards a Computer Immune System for Detecting Network Intrusions (Abstract, Slides, More Information) Paul Williams (Headquarters Air Intelligence Agency, USA), Kevin Anchor, John Bebo, Gregg Gunsch, and Gary Lamont (Air Force Institute of Technology, USA) Anomaly Intrusion Detection at the Application Layer Hajime Inoue and Stephanie Forrest (University of New Mexico, USA)
15h30 - 16h30	Session 4: IDS Assessment - Chair: Giovanni Vigna (UC Santa Barbara, USA)
	LARIAT: Lincoln Adaptable Real-time Information Assurance Testbed (Slides) Lee M Rossey, Robert K. Cunningham, David J. Fried, Jesse C. Rabek, Richard P. Lippmann, and Joshua W. Haines (MIT Lincoln Laboratory, USA) An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT (Paper, Slides) Samuel Patton, William Yurcik, and David Doss (Illinois State Univesity, USA)
16h30 - 17h00	Coffee break
17h00 - 18h30	Panel 1: The Present and Future of IDS Testing Methodologies - Moderator: Tim Grance (NIST, USA)
	Richard Lippmann (MIT Lincoln Laboratory, USA) Roy Maxion (CMU, USA) John McHugh (SEI/CERT, USA) Andreas Wespi (IBM Zurich Research Laboratory, Switzerland) (Slides)

Thu, October 11th, 2001

9h00 - 11h00	Session 5: IDS Cooperation - Chair: Ludovic Mé (Supélec, France)
	Probabilistic Alert Correlation (Abstract) Alfonso Valdes and Keith Skinner (SRI International, USA) Designing a Web of Highly-Configurable Intrusion Detection Sensors (Abstract, Slides) Giovanni Vigna, Richard A. Kemmerer, and Per Blix (UC Santa Barbara, USA) A Framework for Distributed Intrusion Detection using Interest Driven Cooperating Agents (Paper, Slides) Rajeev Gopalakrishna and Eugene H. Spafford (Cerias, Purdue University, USA) Aggregation and Correlation of Intrusion-Detection Alerts (Abstract, Slides) Hervé Debar (France Télécom, France) and Andreas Wespi (IBM Zurich Research Laboratory, Switzerland)
11h00 - 11h30	Coffee break
11h30 - 12h30	Session 6: Anomaly Detection (2) - Chair: Al Valdes (SRI International, USA)
	Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users (Paper, Slides) Jude Shavlik (University of Wisconsin, USA), Mark Shavlik, and Michael Fahland (Shavlik Technologies, USA) Profiling UNIX Users And Processes Based on Rarity of Occurrence Statistics with Applications to Computer Intrusion Detection (Paper, Slides) Wen-Hua Ju (Avaya Labs Research, USA) and Yehuda Vardi (Rutgers University, USA)
12h30 - 13h00	Session 7: Legal Aspects - Chair: Tim Grance (NIST, USA)
	The Impact of Recent Privacy and Data Protection Legislation on the Sharing of Intrusion Detection Information (Abstract, Slides) Steven Johnston (Communications Security Establishment, Canada)
13h00 - 14h30	Lunch
14h30 - 15h30	Session 8: Intrusion Tolerance - Chair: Yves Deswarte (LAAS-CNRS, France)
	Autonomic Response to Distributed Denial of Service Attacks (Abstract) Daniel Sterne, Kelly Djahandari, Brett Wilson, Bill Babson (Netork Associates, USA), Daniel Schnackenberg, Harley Holliday, and Travis Reid (Boeing Phantom Works, USA) An Architecture for the Flexible Deployment of Intrusion-Tolerant Services Across Enterprise Systems (Slides) Alfonso Valdes (SRI International, USA), Yves Deswarte (LAAS-CNRS, France), Bruno Dutertre, Hassen Saidi, and Victoria Stavridou (SRI International, USA)
15h30 - 16h00	Coffee break
16h00 - 17h30	Panel 2: Intrusion Tolerance - Moderator: Yves Deswarte (LAAS-CNRS, France) (Slides) Crispin Cowan (WireX Communications, USA) (Slides) Daniel Schnackenberg (Boeing Phantom Works, USA) Alfonso Valdes (SRI International, USA) Andreas Wespi (IBM Zurich Research Laboratory, Switzerland) (Slides)

Fri, October 12th, 2001

9h00 - 10h30	Panel 3: Where are we going? - The Future of Intrusion Detection - Moderator: John McHugh (SEI/CERT, USA)
	Tim Grance (NIST, USA) Richard Kemmerer (UC Santa Barbara, USA) Karl Levitt (UC Davis, USA) Phil Porras (SRI International, USA) (Slides) Stuart Staniford (Silicon Defense, USA)
10h30 - 11h00	Coffee break
11h00 - 12h00	Session 9: Specification-Based IDS - Chair: Matt Bishop (UC Davis, USA)
	Experiences with Specification Based Intrusion Detection (Abstract, Slides) Prem Uppuluri and R. Sekar (SUNY at Stony Brook, USA) System Health and Intrusion Monitoring using a Hierarchy of Constraints (Abstract, Slides) Calvin Ko (Network Associates, USA), Paul Brutch (Network Associates, USA), Jeff Rowe (UC Davis, USA), Guy Tsafnat (Network Associates, USA), and Karl Levitt (UC Davis, USA)
12h00 - 12h15	Concluding remarks (Slides)
12h15 - 13h30	Lunch

Page maintained by Andreas Wespi, last updated Nov. 2, 2001.