Call For Participation - RAID'98

First International Workshop on the
Recent Advances in Intrusion Detection

Sponsored by
IBM Emergency Response Service
The Joint Research Centre of the EC (Institute for Systems, Informatics and Safety)

September 14-16, 1998
Louvain-la-Neuve, Belgium

This workshop, the first in an anticipated annual series, will bring together leading figures from academia, government, and industry to talk about the current state of intrusion detection technologies and paradigms from the research and commercial perspectives.

Research into and development of automated Intrusion Detection Systems (IDS) has been under way for nearly 10 years. By now a number of systems have been deployed in the commercial or government arenas, but all are limited in what they do. At the same time, the numerous research and prototype systems developed have been more engineering than scientific efforts, with scant quantitative performance figures. As we survey the field of automated intrusion detection, we are faced with many questions:

  1. What research questions have yet to be answered (or even asked) about IDS?
  2. What are the open challenges, limitations, and fundamental concerns about present intrusion detection methodologies?
  3. What metrics can we use to measure IDS performance and thus compare different systems and methodologies? These measurements should highlight the successes and expose the limitations of current IDS approaches.
  4. What factors are inhibiting transfer of research ideas into functional deployed systems? How can those be addressed?
  5. What is the role of a deployed IDS? How should or can it fit in with other security systems?
  6. What are the typical IDS operating environments? What can be done to configure IDS to unique operating environments?
  7. What are the challenges for IDS in very large environments, such as the Internet?
  8. Is it time to contemplate IDS standards? What are the advantages and disadvantages of standardizing components of IDS? What forums (e.g., IETF, ISO) would be appropriate for pursuing such standards?
  9. What are the problems of turning the results of intrusion detection tools into legally reliable evidence? What are the problems of admissibility and of courtroom presentation?
We invite proposals and panels that explore these questions or any other aspect of automated intrusion detection. We especially solicit proposals and panels that address:
  1. New results related to intrusion detection methodologies and technologies.
  2. Innovative ways of thinking about intrusion detection; for example, the applicability of R&D in the fields of survivable and/or dependable systems, data mining, etc.
  3. User experiences and lessons learned from fielded intrusion detection systems.
  4. IDS for emerging computer environments (e.g., Java, CORBA, and NT).
  5. Commercial intrusion detection systems.
We have scheduled RAID'98 immediately before ESORICS'98, at the same time as CARDIS'98, and at the same location as both of these conferences. This provides a unique opportunity for the members of these distinct, yet related, communities to participate in all these events and meet and share ideas during joined organized external events.


Marc Dacier (IBM Zurich Research Laboratory, Switzerland)
Kathleen Jackson (Los Alamos National Laboratory, USA)


Matt Bishop (University of California at Davis, USA)
Dick Brackney (National Security Agency, USA)
Yves Deswarte (LAAS-CNRS & INRIA, France)
Baudouin Le Charlier (Universite de Namur, Belgium)
Stuart Staniford-Chen (University of California at Davis, USA)
Rowena Chester (University of Tennessee, USA)
Deborah Frincke (University of Idaho, USA)
Tim Grance (National Institute of Standards and Technology, USA)
Sokratis Katsikas (University of the Aegean, Greece)
Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium)
Mark Schneider (National Security Agency, USA)
Marv Schaefer (Arca Systems, USA)
Peter Sommer (London School of Economics & Political Science, England)
Steve Smaha (Free Agent, USA)
Gene Spafford (Purdue University, USA)
Chris Wee (University of California at Davis, USA)
Kevin Ziese (Cisco/Wheelgroup, USA)


Benoît Macq and Catherine Rouyer (Université catholique de Louvain, Louvain-la-Neuve, Belgium)


The program committee invites proposals for both technical and general interest talks and panels.

Each talk or panel submission must contain:

  1. A separate title page with:
  2. A brief biography of each participant.
  3. The time desired for the talk or panel.
Talk proposals must also include an abstract that is a maximum of 600 words in length. Papers are not required, but if included as an addendum, will be used as supplementary information for the evaluation of the talk proposal. The program committee will allocate each accepted presenter either a 15 or 30-minute slot for the talk, based on the complexity and interest of the proposed topic and the wishes of the speaker. The presenter will be informed the slot length when notified of acceptance.

Panel proposals must also include a description that is a maximum of 300 words, the format of the presentation, and short rationale for the panel. The program committee will allocate accepted panel sessions one to two-hour time slots, based on the complexity and interest of the proposed topic, the number of panelists, and the wishes of the panel chair. The panel chair will be informed the slot length when notified of acceptance.

All proposals must be in English. Plan to give all panels and talks in English.

We must receive all proposals before June 15, 1998. We strongly prefer they be submitted by e-mail to Various formats (ASCII, postscript, Word, WordPro, Framemaker, and LaTex) are acceptable. If necessary, hardcopy proposals may be sent to:

Marc Dacier
Global Security Analysis Lab
IBM Zurich Research Laboratory
Saeumerstrasse 4
CH-8803 Rueschlikon

Each submission will be acknowledged by e-mail. If acknowledgment is not received within seven days, please contact the one of the General Co-Chairs.

A preliminary program will be available at the RAID web site by August 1, 1998.


We solicit interested organizations to contribute to student travel expenses for RAID’98. Corporate sponsorship will cost 2500 US$, and will entitle the organization to four general attendance workshop passes. Please contact a General Co-Chair for more information.


Registration will open on 1 August 1998, at which point detailed registration information (including a list of recommended hotels) will be provided at the RAID'98 web site.

Travel instructions to Louvain-la-Neuve are available on the web (courtesy of the UCL Crypto Group).

Registration will close on 21 August 1998. Late registration will continue until 4 September 1998, but only on a space-available basis, and will include a penalty of 50 US$ (in addition to the fees specified below).

Fees will be levied on a sliding scale, as follows:

Student  200 US$ 
Speaker or Panel Member  250 US$ 
General attendance  350 US$ 

This fee will include workshop sessions, banquet, hosted reception, luncheons, light breakfast service, and coffee and refreshment breaks. There will be no special rate for one-day or other limited attendance. Payment in full will be required at registration.

We are negotiating a registration discount for those attending both the ESORICS conference and the RAID or CARDIS workshops, and for interchangeable workshop registration. Further information will be available when detailed registration information is posted.


On-line workshop proceedings will be posted on the RAID web site immediately following the workshop. It will include:
  1. The final program;
  2. A list of corporate sponsors;
  3. A list of attendees (subject to each attendee’s approval);
  4. The submitted abstract and slides used by each speaker;
  5. The submitted description and rationale for each panel;
  6. The slides used by each panelist; and,
  7. Written position statements from each panelist.
In addition, the most outstanding workshop participants will be invited to submit an analogous formal paper to a special RAID edition of the refereed journal "Computer Networks and ISDN Systems."


Deadline for submission:  June 15, 1998 
Notification of acceptance or rejection:  August 1, 1998 
Registration opens  August 1, 1998 
Notification of proposal acceptance or rejection  August 1, 1998 
Preliminary program posted to web  August 1, 1998 
Registration closes  August 21, 1998 
Late registration closes  September 4, 1998 
Workshop  September 14-16, 1998 


For further information contact one of the General Co-chairs:
Marc Dacier 
IBM Zurich Research Laboratory 
Tel.: +41-1-724-85-62 
Fax.: +41-1-724-89-53 
Kathleen A. Jackson
Los Alamos National Laboratory
Tel.: +41-1-724-86-29
Fax: +41-1-724-89-53
You can also find more info about ESORICS98, CARDIS'98 and RAID'98 by visiting their respective web sites.