  • Conference proceedings
  • © 2008

Recent Advances in Intrusion Detection

11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008, Proceedings

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5230)

Part of the book sub series: Security and Cryptology (LNSC)

Conference series link(s): RAID: International Symposium on Research in Attacks, Intrusions, and Defenses

Conference proceedings info: RAID 2008.

Table of contents (36 papers)

  1. Front Matter

  2. Recent Advances in Intrusion Detection

    1. Rootkit Prevention

      1. Countering Persistent Kernel Rootkits through Systematic Hook Discovery
        • Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang
        Pages 21-38
  3. Malware Detection and Prevention

    1. A First Step towards Live Botmaster Traceback

      • Daniel Ramsbrock, Xinyuan Wang, Xuxian Jiang
      Pages 59-77
    2. A Layered Architecture for Detecting Malicious Behaviors

      • Lorenzo Martignoni, Elizabeth Stinson, Matt Fredrikson, Somesh Jha, John C. Mitchell
      Pages 78-97
    3. A Study of the Packer Problem and Its Solutions

      • Fanglu Guo, Peter Ferrie, Tzi-cker Chiueh
      Pages 98-115
  4. High Performance Intrusion Detection and Evasion

    1. Gnort: High Performance Network Intrusion Detection Using Graphics Processors

      • Giorgos Vasiliadis, Spiros Antonatos, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis
      Pages 116-134
    2. Predicting the Resource Consumption of Network Intrusion Detection Systems

      • Holger Dreger, Anja Feldmann, Vern Paxson, Robin Sommer
      Pages 135-154
    3. High-Speed Matching of Vulnerability Signatures

      • Nabil Schear, David R. Albrecht, Nikita Borisov
      Pages 155-174
  5. Web Application Testing and Evasion

    1. Swarm Attacks against Network-Level Emulation/Analysis

      • Simon P. Chung, Aloysius K. Mok
      Pages 175-190
    2. Leveraging User Interactions for In-Depth Testing of Web Applications

      • Sean McAllister, Engin Kirda, Christopher Kruegel
      Pages 191-210
    3. Model-Based Covert Timing Channels: Automated Modeling and Evasion

      • Steven Gianvecchio, Haining Wang, Duminda Wijesekera, Sushil Jajodia
      Pages 211-230
  6. Alert Correlation and Worm Detection

    1. Optimal Cost, Collaborative, and Distributed Response to Zero-Day Worms - A Control Theoretic Approach

      • Senthilkumar G. Cheetancheri, John-Mark Agosta, Karl N. Levitt, Felix Wu, Jeff Rowe
      Pages 231-250
    2. On the Limits of Payload-Oblivious Network Attack Detection

      • M. Patrick Collins, Michael K. Reiter
      Pages 251-270
    3. A Multi-Sensor Model to Improve Automated Attack Detection

      • Magnus Almgren, Ulf Lindqvist, Erland Jonsson
      Pages 291-310
  7. Anomaly Detection and Network Traffic Analysis

    1. Monitoring SIP Traffic Using Support Vector Machines

      • Mohamed Nassar, Radu State, Olivier Festor
      Pages 311-330
    2. The Effect of Clock Resolution on Keystroke Dynamics

      • Kevin Killourhy, Roy Maxion
      Pages 331-350
    3. A Comparative Evaluation of Anomaly Detectors under Portscan Attacks

      • Ayesha Binte Ashfaq, Maria Joseph Robert, Asma Mumtaz, Muhammad Qasim Ali, Ali Sajjad, Syed Ali Khayam
      Pages 351-371

About this book

On behalf of the Program Committee, it is our pleasure to present the proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), which took place in Cambridge, Massachusetts, USA on September 15–17. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection research and practice. There were six main sessions presenting full-fledged research papers (rootkit prevention, malware detection and prevention, high performance intrusion and evasion, web application testing and evasion, alert correlation and worm detection, and anomaly detection and network traffic analysis), a session of posters on emerging research areas and case studies, and two panel discussions (“Government Investments: Successes, Failures and the Future” and “Life after Antivirus - What Does the Future Hold?”).

The RAID 2008 Program Committee received 80 paper submissions from all over the world. All submissions were carefully reviewed by at least three independent reviewers on the basis of space, topic, technical assessment, and overall balance. Final selection took place at the Program Committee meeting on May 23rd in Cambridge, MA. Twenty papers were selected for presentation and publication in the conference proceedings, and four papers were recommended for resubmission as poster presentations.

As a new feature this year, the symposium accepted submissions for poster presentations, which have been published as extended abstracts, reporting early-stage research, demonstration of applications, or case studies. Thirty-nine posters were submitted for a numerical review by an independent, three-person subcommittee of the Program Committee based on novelty, description, and evaluation. The subcommittee chose to recommend the acceptance of 16 of these posters for presentation and publication.
