| Monday, 8 September 2003 | |
| 08.00 | Registration |
| 10.00 | Opening Remarks |
| 10:15 | Invited Talk |
| Richard Clarke (Former Special Advisor to the President for Cyber Security) | |
| Turning off the Alarm System? | |
| 11.15 | Coffee Break |
| 11.45 | Network Infrastructure (Session Chair: Felix Wu) |
| - Mitigating Distributed Denial of Service Attacks Using a Proportional-Integral-Derivative
Controller Marcus Tylutki and Karl Levitt University of California, Davis, USA |
|
| - Topology-based Detection of Anomalous BGP Messages Christopher Kruegel, Darren Mutz, William Robertson, and Fredrik Valeur University of California, Santa Barbara, USA |
|
| 12.45 | Lunch |
| 14.00 | Invited Talk |
| Richard Stiennon (Vice President of Research, Network Security, Gartner Group) | |
| Defense in Depth, An Alternative to Intrusion Detection | |
| 15.00 | Coffee Break |
| 15.30 | Anomaly Detection I (Session Chair: Wenke Lee) |
| - Detecting Anomalous Network Traffic with Self-Organizing Maps Manikantan Ramadas, Shawn Ostermann, and Brett Tjaden Ohio University and James Madison University, USA |
|
| - An Approach for Detecting Self-Propagating Email Using Anomaly Detection Ajay Gupta and R. Sekar SUNY at Stony Brook, USA |
|
| 16.30 | End of Technical Program - Day 1 |
| 19.00 | Conference Reception and Banquet |
| |
|
| Tuesday, 9 September 2003 | |
| 08.00 | Registration |
| 10.00 | Correlation (Session Chair: Phil Porras) |
| - Statistical Causality Analysis of INFOSEC Alert Data Xinzhou Qin and Wenke Lee Georgia Institute of Technology, USA |
|
| - Correlation of Intrusion Symptoms: an Application of Chronicles Benjamin Morin and Herve Debar France Telecom R&D, France |
|
| 11.00 | Coffee Break |
| 11.30 | Modeling and Specification (Session Chair: Ulf Lindqvist) |
| - Modeling Computer Attacks: An Ontology for Intrusion Detection Jeffrey Undercoffer, Anupam Joshi, and John Pinkston University of Maryland, USA |
|
| - Using Specification-Based Intrusion Detection for Automated Response Ivan Balepin, Sergei Maltsev, Jeff Rowe, and Karl Levitt University of California, Davis, USA, and Bauman Moscow State Technical University, Russia |
|
| 12.30 | Lunch |
| 14.00 | Panel - Detecting Worms and Malicious Code |
| 15.30 | Coffee Break |
| 16.00 | IDS Sensors (Session Chair: Calvin Ko) |
| - Characterizing the Performance of Network Intrusion Detection Sensors Lambert Schaelicke, Thomas Slabach, Branden Moore, and Curt Freeland University of Notre Dame, USA |
|
| - Using Decision Trees to Improve Signature-based Intrusion Detection Christopher Kruegel and Thomas Toth University of California, Santa Barbara, USA, and Technical University Vienna, Austria |
|
| - Ambiguity Resolution via Passive OS Fingerprinting Greg Taleck NFR Security, Inc., USA |
|
| 17.30 | Poster session and industry demonstrations |
| 19.30 | End of Technical Program - Day 2 |
| |
|
| Wednesday, 10 September 2003 | |
| 09.30 | Anomaly Detection II (Session Chair: Roy Maxion) |
| - Two Sophisticated Techniques to Improve HMM-based Intrusion Detection
Systems Sung-Bae Cho and Sang-Jun Han Yonsei University, Korea |
|
| - An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data
for Network Anomaly Detection Matthew V. Mahoney and Philip K. Chan Florida Institute of Technology and Massachusetts Institute of Technology, USA |
|
| 10.30 | Coffee Break |
| 11.00 | iDemo Project Report (Laura Tinnel, Teknowledge) |
| 12.00 | Closing remarks |
| 12.30 | End of Program - Day 3 |