Recent Advances in Intrusion Detection

On behalf of the Program Committee, it is our pleasure to present the p- ceedings of the 13th International Symposium on Recent Advances in Intrusion Detection Systems (RAID 2010), which took place in Ottawa, Ontario, Canada, during September 15-17, 2010. As in the past, the symposium brought together leading researchers and practitioners from academia, government, and industry to discuss intrusion detection research and practice. There were eight technical sessionspresentingfullresearchpapersonnetworkprotection,highperformance, malwaredetectionanddefense(2 sessions),evaluation,forensics,anomalydet- tion and access protection, and Web security. Furthermore, there was a poster session presenting emerging research areas and case studies. The RAID 2010 Program Committee received 102 full-paper submissions from all over the world. All submissions were carefully reviewed by independent reviewers on the basis of technical quality, topic, space, and overallbalance. The ?naldecisiontookplaceataProgramCommitteemeetingheldduringMay19-20 inOakland,California,where24paperswereeventuallyselectedforpresentation at the conference and publication in the proceedings. As a continued feature, the symposium later also accepted 15 poster presentations reporting early-stage research,demonstrationof applications,orcasestudies. The authorsof accepted posters were also o?ered the opportunity to have an extended abstract of their work included in the proceedings.

up-to-date results fast track conference proceedings state-of-the-art report

Klappentext

This book constitutes the refereed proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection, RAID 2010, held in Ottawa, Canada, in September 2010. The 24 revised full papers presented together with 15 revised poster papers were carefully reviewed and selected from 102 submissions. The papers are organized in topical sections on network protection, high performance, malware detection and defence, evaluation, forensics, anomaly detection as well as web security.

Inhalt
Network Protection.- What Is the Impact of P2P Traffic on Anomaly Detection?.- A Centralized Monitoring Infrastructure for Improving DNS Security.- Behavior-Based Worm Detectors Compared.- High Performance.- Improving NFA-Based Signature Matching Using Ordered Binary Decision Diagrams.- GrAVity: A Massively Parallel Antivirus Engine.- Malware Detection and Defence.- Automatic Discovery of Parasitic Malware.- BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection.- CANVuS: Context-Aware Network Vulnerability Scanning.- HyperCheck: A Hardware-Assisted Integrity Monitor.- Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory.- Bait Your Hook: A Novel Detection Technique for Keyloggers.- Evaluation.- Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security.- On Challenges in Evaluating Malware Clustering.- Why Did My Detector Do That?!.- Forensics.- NetStore: An Efficient Storage Infrastructure for Network Forensics and Monitoring.- Live and Trustworthy Forensic Analysis of Commodity Production Systems.- Hybrid Analysis and Control of Malware.- Anomaly Detection.- Anomaly Detection and Mitigation for Disaster Area Networks.- Community Epidemic Detection Using Time-Correlated Anomalies.- A Data-Centric Approach to Insider Attack Detection in Database Systems.- Privilege States Based Access Control for Fine-Grained Intrusion Response.- Web Security.- Abusing Social Networks for Automated User Profiling.- An Analysis of Rogue AV Campaigns.- Fast-Flux Bot Detection in Real Time.- Posters.- A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery.- A Distributed Honeynet at KFUPM: A Case Study.- Aspect-BasedAttack Detection in Large-Scale Networks.- Detecting Network Anomalies in Backbone Networks.- Detecting the Onset of Infection for Secure Hosts.- Eliminating Human Specification in Static Analysis.- Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009.- Inferring Protocol State Machine from Real-World Trace.- MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA.- On Estimating Cyber Adversaries' Capabilities: A Bayesian Model Approach.- Security System for Encrypted Environments (S2E2).- Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence.- Toward Specification-Based Intrusion Detection for Web Applications.- Toward Whole-System Dynamic Analysis for ARM-Based Mobile Devices.- Using IRP for Malware Detection.