RAID 98 – Monday, September 14, 1998

Session 1
Session Chair: Kathleen Jackson

9:00 – 9:20 Welcome and Introduction

Marc Dacier (IBM ZRL, Switzerland), Jean-Jacques Quisquater (UCL, Belgium).

9:20 – 9:50 The Rome Labs Experience
Kevin Ziese (Cisco Systems, Inc., USA)
9:50 – 10:20 Intrusion Detection and Legal Proceedings
(full paper available PDF or PS)
Peter Sommer (London School of Economics and Political Science, UK)

Session 2
Session Chair: Baudouin Le Charlier

10:40 – 11:00 GASSATA, A Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis
(slides available PDF or PS)
(full paper available PDF or PS)
Ludovic Me (SUPELEC, France)
11:00 – 11:20 Using Bottleneck Verification to Find Novel New Attacks with a Low False Alarm Rate
(slides available PDF or PS)
Richard Lippmann (MIT Lincoln Laboratory, USA)
11:20 – 11:40 The Use of Information Retrieval Techniques for Intrusion Detection
Ross Anderson (University of Cambridge, UK)
11:40 – 12:00 Tools for Intrusion detection: Results and Lessons Learned from the ASAX Project
(slides available PowerPoint (gzipped) or HTML)
Abdelaziz Mounji (SWIFT s.c., Belgium)

Session 3
Session Chair: Yves Deswarte

13:30 – 13:50 Dependability of Large-scale Infrastructures and Challenges for Intrusion Detection
(see the RAID98 workshop report by the same author PDF, PS, Word (gzipped) or HTML)
Marc Wilikens (Institute for Systems, Informatics and Safety, Italy)
13:50 – 14:10 How Re(Pro)active Should An IDS Be?
(slides available PDF, LaTeX or PS)
Richard Overill (King's College London, UK)
14:10 – 14:30 Contribution of Quantitative Security Evaluation to Intrusion Detection
(slides available PowerPoint (gzipped) or HTML)
Yves Deswarte (LAAS-CNRS & INRIA, France)

Session 4
Session Chair: Karl Levitt

15:10 – 15:30 Problems with Network-based Intrusion Detection for Enterprise Computing
(slides available PowerPoint (gzipped), PS or HTML)
Thomas Daniels (Purdue University, USA)
15:30 – 15:50 Lessons Learned in the Implementation of a Multi-Location Network Based Real Time Intrusion Detection System
(slides available Freelance Graphics (gzipped) or HTML)
Michael Puldy (IBM Emergency Response Service, USA)
15:50 – 16:10 Enhanced Network Intrusion Detection in a Smart Enterprise Environment
(full text available Word (gzipped) or HTML)
Ricci Ieong, James Pang (Hong Kong University of Science and Technology, Hong Kong)
16:10 – 16:30 Integrating Intrusion Detection into the Network/Security Infrastructure
(slides available PowerPoint (gzipped) or HTML)
Mark Wood (Internet Security Systems, Inc, USA)
16:50 – 18:00 Session 5
Panel Chair: Rowena Chester

The Nature and Utility of Standards Organizations for the Intrusion Detection Community
(minutes available HTML)

Dick Brackney (NSA)
Rowena Chester (Chair NCITS (ANSI) T4 Committee)
Mike Erlinger (Harvey Mudd College, CIDF)
Roger French (Compaq)
Walter Fumy (Chair ISO SC27)
Larry Nelson (AT&T)
Vern Paxson (LBNL)

RAID 98 – Tuesday, September 15, 1998

Session 6
Session Chair: Timothy Grance

9:00 – 9:20 Measuring Intrusion Detection Systems
(slides available PDF or PS)
Roy Maxion (Carnegie Mellon University, USA)
9:20 – 9:40 The 1998 DARPA/AFRL Off-line Intrusion Detection Evaluation
(slides available PDF or PS)
I. Graf (MIT Lincoln Laboratory, USA)
9:40 – 10:00 Securing Network Audit Logs on Untrusted Machines
(slides available PDF, PS, PowerPoint (gzipped) or HTML)
Bruce Schneier (Counterpane Systems, USA)
10:00 – 10:20 Intrusion Detection and User Privacy – A Natural Contradiction?
(slides available PDF, PS, PowerPoint (gzipped) or HTML)
Roland Büschkes (Aachen University of Technology, Germany)

Session 7
Session Chair: Marc Dacier

10:40 – 11:00 Design and Implementation of an Intrusion Detection System for OSPF Routing Networks
(slides available PowerPoint (gzipped) or HTML)
S. Felix Wu (MCNC, USA)
11:00 – 11:20 Designing IDLE: The Intrusion Data Library Enterprise
(slides available PowerPoint (gzipped) or HTML)
Ulf Lindqvist (Chalmers University of Technology, Sweden)
11:20 – 11:40 Design and Implementation of a Sniffer Detector
(slides available Freelance Graphics (gzipped) or HTML)
Stephane Grundschober (IBM Zurich Research Laboratory, Switzerland)
11:40 – 12:00 The Application of Artificial Neural Networks to Misuse Detection: Initial Results
(full paper available Word (gzipped))
(slides available PowerPoint (gzipped) or HTML)
James Cannady (Georgia Tech Research Institute, USA)

Session 8
Session Chair: Deborah Frincke

13:30 – 13:50 AAFID: Autonomous Agents for Intrusion Detection
(slides available PowerPoint (gzipped) or HTML)
Diego Zamboni (Purdue University, USA)
13:50 – 14:10 Research Issues in Cooperative Intrusion Detection Between Multiple Domains
(slides available PowerPoint (gzipped) or HTML)
Donald L. Tobin, Jr. (University of Idaho, USA)
14:10 – 14:30 A Large-scale Distributed Intrusion Detection Framework Based on Attack Strategy Analysis
(full paper available PDF or PS)
(slides available PowerPoint (gzipped) or HTML)
Ming-Yuh Huang (The Boeing Company, USA)
14:30 – 14:50 NIDAR: The Design and Implementation of an Intrusion Detection System
Yong Tai Tan (DSO National Laboratories, Singapore)

Session 9
Session Chair: Peter Sommer

15:10 – 15:30 A UNIX Anomaly Detection System using Self-Organising Maps
(slides available PowerPoint (gzipped) or HTML)
Albert Höglund (Nokia Research Center, Finland)
15:30 – 15:50 Evaluating a Real-time Anomaly-based Intrusion Detection System
(slides available PowerPoint (gzipped) or HTML)
Tobias Ruighaver (University of Melbourne, Australia)
15:50 – 16:10 Audit Trail Pattern Analysis for Detecting Suspicious Process Behavior
(slides available Freelance Graphics (gzipped), PDF, PS or HTML)
Andreas Wespi (IBM Zurich Research Laboratory, Switzerland)
16:10 – 16:30 An Immunological Approach to Distributed Network Intrusion Detection
(slides available PowerPoint (gzipped) or HTML)
Patrik D'haeseleer (University of New Mexico, USA)

Session 10
Session Chair: Kevin Ziese

16:50 – 17:10 The Limitations of Intrusion Detection Systems on High Speed Networks
Joe Kleinwaechter (Internet Security Systems, Inc, USA)
17:10 – 17:30 CERN Network Security Monitor
(full paper available HTML)
(slides available PowerPoint (gzipped) or HTML)
Paolo Moroni (CERN, Switzerland)
17:30 – 17:50 HAXOR – A Passive Network Monitor/Intrusion Detection Sensor
Alan Boulanger (IBM Watson Research Center, USA)
17:50 – 18:10 Using Bro to detect network intruders: experiences and status
(slides available PDF or PS)
Vern Paxson (Lawrence Berkeley National Laboratory, USA)

RAID 98 – Wednesday, September 16, 1998

8:40 – 10:00 Session 11
Panel Chair: Deborah Frincke

Intrusion Detection in the Large
(minutes available PDF or PS)

Deborah Frincke (University of Idaho, USA)
Karl Levitt (UC Davis, USA)
Michel Miqueu (CNES, France)
Jean-Jacques Quisquater (UCL, Belgium)
Marc Wilikens (Institute for Systems, Informatics and Safety, Italy)
Kevin Ziese (Cisco/Wheelgroup, USA)