Recent Advances in Intrusion Detection

1. Front Matter

   PDF

2. Recent Advances in Intrusion Detection Anomaly and Specification-Based Approaches

   1. Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems

      • Damiano Bolzoni, Sandro Etalle, Pieter H. Hartel

      Pages 1-20

   2. Protecting a Moving Target: Addressing Web Application Concept Drift

      • Federico Maggi, William Robertson, Christopher Kruegel, Giovanni Vigna

      Pages 21-40

   3. Adaptive Anomaly Detection via Self-calibration and Dynamic Updating

      • Gabriela F. Cretu-Ciocarlie, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo

      Pages 41-60

   4. Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems

      • Martin Rehák, Eugen Staab, Volker Fusenig, Michal Pěchouček, Martin Grill, Jan Stiborek et al.

      Pages 61-80

3. Malware Detection and Prevention (I)

   1. Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language

      • Grégoire Jacob, Hervé Debar, Eric Filiol

      Pages 81-100

   2. Automatic Generation of String Signatures for Malware Detection

      • Kent Griffin, Scott Schneider, Xin Hu, Tzi-cker Chiueh

      Pages 101-120

   3. PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime

      • M. Zubair Shafiq, S. Momina Tabish, Fauzan Mirza, Muddassar Farooq

      Pages 121-141

4. Network and Host Intrusion Detection and Prevention

   1. Automatically Adapting a Trained Anomaly Detector to Software Patches

      • Peng Li, Debin Gao, Michael K. Reiter

      Pages 142-160

   2. Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration

      • Juan Caballero, Zhenkai Liang, Pongsin Poosankam, Dawn Song

      Pages 161-181

   3. Automated Behavioral Fingerprinting

      • Jérôme François, Humberto Abdelnur, Radu State, Olivier Festor

      Pages 182-201

5. Intrusion Detection for Mobile Devices

   1. SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection

      • Guanhua Yan, Stephan Eidenbenz, Emanuele Galli

      Pages 202-223

   2. Keystroke-Based User Identification on Smart Phones

      • Saira Zahid, Muhammad Shahzad, Syed Ali Khayam, Muddassar Farooq

      Pages 224-243

   3. VirusMeter: Preventing Your Cellphone from Spies

      • Lei Liu, Guanhua Yan, Xinwen Zhang, Songqing Chen

      Pages 244-264

6. High-Performance Intrusion Detection

   1. Regular Expression Matching on Graphics Hardware for Intrusion Detection

      • Giorgos Vasiliadis, Michalis Polychronakis, Spiros Antonatos, Evangelos P. Markatos, Sotiris Ioannidis

      Pages 265-283

   2. Multi-byte Regular Expression Matching with Speculation

      • Daniel Luchaup, Randy Smith, Cristian Estan, Somesh Jha

      Pages 284-303

7. Malware Detection and Prevention (II)

   1. Toward Revealing Kernel Malware Behavior in Virtual Execution Environments

      • Chaoting Xuan, John Copeland, Raheem Beyah

      Pages 304-325

   2. Exploiting Temporal Persistence to Detect Covert Botnet Channels

      • Frederic Giroire, Jaideep Chandrashekar, Nina Taft, Eve Schooler, Dina Papagiannaki

      Pages 326-345

8. Posters

   1. An Experimental Study on Instance Selection Schemes for Efficient Network Anomaly Detection

      • Yang Li, Li Guo, Bin-Xing Fang, Xiang-Tao Liu, Lin-Qi

      Pages 346-347

   2. Automatic Software Instrumentation for the Detection of Non-control-data Attacks

      • Jonathan-Christofer Demay, Éric Totel, Frédéric Tronel

      Pages 348-349

On behalf of the Program Committee, it is our pleasure to present the p- ceedings of the 12th International Symposium on Recent Advances in Intrusion Detection systems (RAID 2009),which took place in Saint-Malo,France, during September 23–25. As in the past, the symposium brought together leading - searchers and practitioners from academia, government, and industry to discuss intrusion detection research and practice. There were six main sessions prese- ingfullresearchpapersonanomalyandspeci?cation-basedapproaches,malware detection and prevention, network and host intrusion detection and prevention, intrusion detection for mobile devices, and high-performance intrusion det- tion. Furthermore, there was a poster session on emerging research areas and case studies. The RAID 2009ProgramCommittee received59 full paper submissionsfrom all over the world. All submissions were carefully reviewed by independent - viewers on the basis of space, topic, technical assessment, and overall balance. The ?nal selection took place at the Program Committee meeting on May 21 in Oakland, California. In all, 17 papers were selected for presentation and p- lication in the conference proceedings. As a continued feature, the symposium accepted submissions for poster presentations which have been published as - tended abstracts, reporting early-stage research, demonstration of applications, or case studies. Thirty posters were submitted for a numerical review by an independent, three-person sub-committee of the Program Committee based on novelty, description, and evaluation. The sub-committee recommended the - ceptance of 16 of these posters for presentation and publication. The success of RAID 2009 depended on the joint e?ort of many people.

• anomaly detection
• attack prevention
• classification
• digital biometrics
• fingerprint
• fingerprinting
• firewall
• insider-attack detection
• intrusion detection
• intrusion prevention
• malware
• network security
• privacy
• security
• threats analysis

• Institute Eurecom, Sophia-Antipolis Cedex, France

  Engin Kirda, Davide Balzarotti

• Computer Sciences Department, University of Wisconsin, Madison, USA

  Somesh Jha

Policies and ethics