RAID 2002 Home | Program | Registration | Location | Visitor information | Travel information | Hotels | History of RAID | Author instructions

RAID 2002 program

Wednesday, Oct. 16

09:00  Registration opens
 
11:00 - 12:00  ESORICS Intrusion Detection Session
Registrants of RAID are welcome to attend this session
 
12:30  Lunch
 
13:00  Registration / Coffee
 
14:00 - 14:30  Welcome
 
14:30 - 15:30  Invited Talk
Challenges for the Future of Intrusion Detection,
Marcus J. Ranum, USA
 
15:30 - 16:00  Coffee Break
 
16:00 - 17:00  Stepping Stone Detection - Chair: Giovanni Vigna (UC Santa Barbara, USA)
Detecting Long Connection Chains of Interactive Terminal Sessions,
Kwong H. Yung (Stanford University, Statistics Department, USA)
Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay,
David L. Donoho (1), Ana Georgina Flesia (1), Umesh Shankar (2), Vern Paxson (3), Jason Coit (4), Stuart Staniford (4)
(1): Statistics Department, Stanford University, USA
(2): Department of Computer Science, University of California, Berkeley, USA
(3): International Computer Science Institute, USA
(4): Silicon Defense, USA

Thursday, Oct. 17

08:30 - 09:00  Registration / Coffee
09:00 - 10:30  Anomaly Detection - Chair: Ludovic Mé (Supélec, France)
Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses,
Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin, Sal Stolfo (Columbia University, USA)
ELISHA: A Visual-Based Anomaly Detection System,
Soon-Tee Teoh, Kwan-Liu Ma, S. Felix Wu, Xi-Liang Zhao, Dan Massey, Allison Mankin, Lixia Zhang, Lan Wa, Dan Pei, Randy Bush (UC Davis, USA)
Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits,
Kymie M.C. Tan, Kevin S. Killourhy, Roy A. Maxion (Dependable Systems Lab, Carnegie-Mellon University, USA)
 
10:30 - 11:00  Coffee Break
 
11:00 - 12:30  Correlation - Chair: Marc Dacier (Eurécom, France)
Analyzing Intensive Intrusion Alerts Via Correlation,
Peng Ning, Yun Cui, Douglas S. Reeves (North Carolina State University, Department of Computer Science, USA)
A Mission-Impact-Based Approach to INFOSEC Alarm Correlation,
Phillip A. Porras, Martin W. Fong, Alfonso Valdes (SRI International, USA)
M2D2: A Formal Data Model for IDS Alert Correlation,
Benjamin Morin (1), Ludovic Mé (2), Hervé Debar (1), Mireille Ducassé (3)
(1): France Telecom R&D, France
(2): Supélec, France
(3): IRISA/INSA, France
 
12:30 - 14:00  Lunch
 
14:00 - 15:00  Legal Aspects / Intrusion Tolerance - Chair: Al Valdes (SRI, USA)
Development of a Legal Framework for Intrusion Detection,
Steven R. Johnston (Communications Security Establishment, Canada),
Learning Unknown Attacks - A Start,
James E. Just (1), Larry A. Clough (1), Melissa Danforth (2), Karl N. Levitt (2), Ryan Maglich (1), James C. Reynolds (1), Jeff Rowe (2)
(1): Teknowledge corporation, USA
(2): University of California, Davis, USA
 
15:00 - 15:30  Coffee Break
 
15:30 - 17:00  Panel on Cyberwar - Chair: Roy Maxion (Carnegie Mellon University, USA)
John McHugh, CMU/SEI CERT, USA
Vern Paxson, ICSI/LBNL, USA
Marcus J. Ranum, USA
Sal Stolfo, Columbia University, USA
 
19:00  Conference Banquet in the ETH "Dozentenfoyer" (Faculty Club)

Friday, Oct. 18

08:30 - 09:00  Registration / Coffee
09:00 - 11:00  Assessment of Intrusion Detection Systems - Chair: Richard Lippmann (MIT/Lincoln Lab, USA)
Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems,
Herve Debar, Benjamin Morin (France Telecom R&D, France)
A Stochastic Model for Intrusions,
Robert P. Goldman (Honeywell, USA)
Attacks against Computer Network: Formal Grammar-Based Framework and Simulation Tool,
Vladimir Gorodetski, Igor Kotenko (St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, Russia)
Capacity Verification for High Speed Network Intrusion Detection Systems,
Mike Hall, Kevin Wiley (Cisco Systems, USA)
 
11:00 - 11:30  Coffee Break
 
11:30 - 12:30  Adaptive Intrusion Detection Systems - Chair: Hervé Debar (France Telecom R&D, France)
Performance Adaptation in Real-time Intrusion Detection,
Wenke Lee, Joao B. D. Cabrera, Ashley Thomas, Niranjan Balwalli, Yi Zhang (Georgia Institute of Technology, USA)
Requirements for Plan Recognition in Network Security Systems,
Christopher W. Geib, Robert P. Goldman (Honeywell Labs, USA)
 
12:30 - 14:00  Lunch
 
14:00 - 15:30  Intrusion Detection Analysis - Chair: John McHugh (CMU/SEI CERT, USA)
Accurate Buffer Overflow Detection via Abstract Payload Execution,
Thomas Toth, Christopher Kruegel (Distributed Systems Group, Technical University Vienna, Austria)
Introducing Reference Flow Control for Intrusion Detection at the OS Level,
Jacob Zimmermann, Ludovic Me, Christophe Bidan (Supélec, France)
The Effect of Identifying Vulnerabilities and Patching Software on the Utility of Network Intrusion Detection,
Richard Lippmann, Seth Webster, Douglas Stetson (MIT Lincoln Laboratory, USA)
 
15:30  Concluding Remarks