

31 July 1998


Date: Fri, 31 Jul 1998 16:01:25 +0200
From: dac@zurich.ibm.com (Marc Dacier)
To: cypherpunks@toad.com
Subject: RAID98: Call For Registration


Call For Registration - RAID'98

First International Workshop on the Recent Advances in Intrusion Detection

Sponsored by the IBM Emergency Response Service (http://www.ers.ibm.com)
and the Joint Research Centre of the EC (Institute for Systems, Informatics and Safety)
(http://ntsta.jrc.it)

September 14-16, 1998

Louvain-la-Neuve, Belgium

***********************************************************************

Visit our web site

http://www.zurich.ibm.com/~dac/RAID98

for on-line information regarding the preliminary program, the registration forms, accommodations, maps, etc.

***********************************************************************

RAID'98 is the first in an anticipated annual series of international
workshops that will bring together leading figures from academia,
government, and industry to ponder the current state of intrusion
detection technologies and paradigms from the research and commercial
perspectives.  Its aim is to further progress in intrusion detection
by promoting the exchange of ideas among researchers, system
developers, and users and by encouraging links between these groups.

RAID'98 will be held in Louvain-la-Neuve, Belgium, on 14-16 September
1998. RAID'98 will be held in the same location as CARDIS'98
(http://www.dice.ucl.ac.be/cardis98) and ESORICS'98
(http://www.dice.ucl.ac.be/esorics98), at the same time as the former
and just prior to the latter. A registration discount is available to
those attending both the ESORICS conference and the RAID workshop.

Registration is now open, and will continue until 21 August 1998. Late
registration will continue until 4 September 1998, but only on a
space-available basis, and will include a penalty of 2000 BEF. If you
need more information regarding registration or accommodations, please
contact Catherine Rouyer:

E-mail: Rouyer@tele.ucl.ac.be

RAID Secretariat
UCL/TELE (Mrs. Catherine Rouyer)
Place du Levant, 2
B-1348 Louvain-la-Neuve
Belgium

************************** PRELIMINARY PROGRAM *************************

html version available:  http://www.zurich.ibm.com/~dac/RAID98

MONDAY SEPTEMBER 14, 1998
=========================

8:00 - 9:00
Transfers from hotels, coffee service and participant check-in

Session 1 (Session Chair: Kathleen Jackson)
-------------------------------------------

9:00 - 9:20
  Welcome and Introduction
      Marc Dacier (IBM ZRL, Switzerland), Jean-Jacques
      Quisquater (UCL, Belgium).

9:20 - 9:40
  The Rome Labs Experience
      Kevin Ziese (Cisco Systems, Inc., USA)

9:40 - 10:00
  Intrusion Detection and Legal Proceedings
      Peter Sommer (London School of Economics and Political Science, UK)

10:00 - 10:20
  Lessons Learned in the Implementation of a
  Multi-Location Network Based Real Time Intrusion Detection System
      Michael Puldy (IBM Emergency Response Service, USA)


10:20 - 10:40
  Break - Coffee service


Session 2 (Session Chair:  Baudouin Le Charlier)
------------------------------------------------ 

10:40 - 11:00
  GASSATA, A Genetic Algorithm as an Alternative Tool for
  Security Audit Trails Analysis
      Ludovic Me (SUPELEC, France)

11:00 - 11:20
  Using Bottleneck Verification to Find Novel New Attacks
  with a Low False Alarm Rate
      Richard Lippmann (MIT Lincoln Laboratory, USA)

11:20 - 11:40
  The Use of Information Retrieval Techniques for Intrusion Detection
      Ross Anderson (University of Cambridge, UK)

11:40 - 12:00
  Tools for Intrusion detection: Results and Lessons
  Learned from the ASAX Project
      Abdelaziz Mounji (Computer Science Institute, Belgium)


12:00 - 13:30
Lunch


Session 3   (Session Chair:  Yves Deswarte)
------------------------------------------- 

13:30 - 13:50
  Dependability of Large-scale Infrastructures and
  Challenges for Intrusion Detection
      Marc Wilikens (Institute for Systems, Informatics and Safety, Italy)

13:50 - 14:10
  How Re(Pro)active Should An IDS Be?
      Richard Overill (King's College London, UK)

14:10 - 14:30
  Contribution of Quantitative Security Evaluation to Intrusion Detection
      Yves Deswarte (LAAS-CNRS & INRIA, France)

14:30 - 14:50
  Intrusion Detection in Telecommunication
      Hai-Ping Ko (GTE Laboratories Incorporated, USA)


14:50 - 15:10
Break - Beverages


Session 4   (Session Chair:  TBD)
--------------------------------- 

15:10 - 15:30
  Problems with Network-based Intrusion Detection for Enterprise Computing
      Thomas Daniels (Purdue University, USA)

15:30 - 15:50
  Transitioning IDS Research Into a Viable Product
      Mark Crosbie (Hewlett-Packard Corporation, USA)

15:50 - 16:10
  Enhanced Network Intrusion Detection in a Smart Enterprise Environment
      Ricci Ieong (Hong Kong University of Science and Technology, Hong Kong)

16:10 - 16:30
  Integrating Intrusion Detection into the Network/Security Infrastructure
      Mark Wood (Internet Security Systems, Inc, USA)


16:30 - 16:50
Break - Refreshments

 
Session 5 (Panel Chair: Rowena Chester)
---------------------------------------

16:50 - 18:00
  The Nature and Utility of Standards Organizations
  for the Intrusion Detection Developers Community

      Participants
        Dick Brackney (NSA)
        Rowena Chester (Chair NCITS (ANSI) T4 Committee)
        Roger French (Compaq)
        Walter Fumy (Chair ISO SC27)
        Larry Nelson (AT&T)
        Vern Paxson (LBNL)
        Gene Spafford (Purdue University)
        Mark Zalewski (Chair TC68)

18:00 - 19:30
Transfers to and from hotels

19:30 - 22:00
Banquet

22:00
Transfers to hotels 



TUESDAY SEPTEMBER 15, 1998
==========================

8:00 - 9:00
Transfers from hotels and coffee service


Session 6   (Session Chair:  Timothy Grance)
-------------------------------------------- 

9:00 - 9:20
  Measuring Intrusion Detection Systems
      Roy Maxion (Carnegie Mellon University, USA)

9:20 - 9:40
  The 1998 DARPA/AFRL Off-line Intrusion Detection Evaluation
      Richard Lippmann (MIT Lincoln Laboratory, USA)

9:40 - 10:00
  Securing Network Audit Logs on Untrusted Machines
      Bruce Schneier (Counterpane Systems, USA)

10:00 - 10:20
  Intrusion Detection and User Privacy - A Natural Contradiction?
      Roland Bueschkes (Aachen University of Technology, Germany)


10:20 - 10:40
Break - Coffee Service


Session 7  (Session Chair:  Marc Dacier)
---------------------------------------- 

10:40 - 11:00
  Design and Implementation of an Intrusion Detection System
  for OSPF Routing Networks
      Y. Frank Jou (MCNC, USA)

11:00 - 11:20
  Designing IDLE: The Intrusion Data Library Enterprise
      Ulf Lindqvist (Chalmers University of Technology, Sweden)

11:20 - 11:40
  Design and Implementation of a Sniffer Detector
      Stephane Grundschober (IBM Zurich Research Laboratory, Switzerland)

11:40 - 12:00
  The Application of Artificial Neural Networks to Misuse Detection:
  Initial Results
      James Cannady (Georgia Tech Research Institute, USA)


12:00 - 13:30
Lunch


Session 8   (Session Chair:  Deborah Frincke)
--------------------------------------------- 

13:30 - 13:50
  AAFID: Autonomous Agents for Intrusion Detection
      Diego Zamboni (Purdue University, USA)

13:50 - 14:10
  Research Issues in Cooperative Intrusion Detection Between Multiple Domains
      Deborah Frincke (University of Idaho, USA)

14:10 - 14:30
  A Large-scale Distributed Intrusion Detection Framework
  Based on Attack Strategy Analysis
      Ming-Yuh Huang (The Boeing Company, USA)

14:30 - 14:50
  NIDAR: The Design and Implementation of an Intrusion Detection System
      Ong Tiang Hwee (DSO National Laboratories, Singapore)


14:50 - 15:10
Break - Beverages

Session 9   (Session Chair:  Peter Sommer)
------------------------------------------ 

15:10 - 15:30
  A UNIX Anomaly Detection System using Self-Organising Maps
      Albert Hoeglund (Nokia Research Center, Finland)

15:30 - 15:50
  Evaluating a Real-time Anomaly-based Intrusion Detection System
      Tobias Ruighaver (University of Melbourne, Australia)

15:50 - 16:10
  Audit Trail Pattern Analysis for Detecting Suspicious Process Behavior
      Andreas Wespi (IBM Zurich Research Laboratory, Switzerland)

16:10 - 16:30
  An Immunological Approach to Distributed Network Intrusion Detection
      Steven A. Hofmeyr (University of New Mexico, USA)


16:30 - 16:50
Break - Refreshments


Session 10 (Session Chair:  Kevin Ziese)
----------------------------------------

16:50 - 17:10
  The Limitations of Intrusion Detection Systems on High Speed Networks
      Joe Kleinwaechter (Internet Security Systems, Inc, USA)

17:10 - 17:30
  CERN Network Security Monitor
      Paolo Moroni (CERN, Switzerland)

17:30 - 17:50
  HAXOR - A Passive Network Monitor/Intrusion Detection Sensor
      Alan Boulanger (IBM Watson Research Center, USA)

17:50 - 18:10
  Using Bro to detect network intruders: experiences and status
      Vern Paxson (Lawrence Berkeley National Laboratory, USA)

18:10 - 19:30
Reception

19:30
Transfers to hotels 

WEDNESDAY SEPTEMBER 16, 1998
============================
 
8:00 - 8:40
Transfers from hotels and coffee service

Session 11 (Panel Chair:  Gene Spafford)
----------------------------------------

8:40 - 10:00
  Intrusion Detection in the Large
    Participants
      Dick Brackney (NSA)
      Deborah Frincke (University of Idaho)
      Michel Miqueu (CNES)
      Jean-Jacques Quisquater (UCL, Belgium)
      Gene Spafford (Purdue University)
      Marc Wilikens (Institute for Systems, Informatics and Safety)
      Kevin Ziese (Cisco/Wheelgroup)

10:00
  Adjourn