Title:
Recent advances in intrusion detection : third International Workshop, RAID 2000 Toulouse, France, October 2-4, 2000 : proceedings
Series:
Lecture notes in computer science ; 1907
Publication Information:
Berlin : Springer-Verlag, 2000
ISBN:
9783540410850

Available:

Item Barcode:
30000004944686
Call Number:
QA76.9.A25 R44 2000
Material Type:
Open Access Book
Item Category 1:
Book

Summary

Since 1998, RAID has established its reputation as the main event in research on intrusion detection, both in Europe and the United States. Every year, RAID gathers researchers, security vendors and security practitioners to listen to the most recent research results in the area as well as experiments and deployment issues. This year, RAID has grown one step further to establish itself as a well-known event in the security community, with the publication of hardcopy proceedings. RAID 2000 received 26 paper submissions from 10 countries and 3 continents. The program committee selected 14 papers for publication and examined 6 of them for presentation. In addition RAID 2000 received 30 extended abstracts proposals; 15 of these extended abstracts were accepted for presentation. Extended abstracts are available on the website of the RAID symposium series, http://www.raid-symposium.org/. We would like to thank the technical program committee for the help we received in reviewing the papers, as well as all the authors for their participation and submissions, even for those rejected. As in previous RAID symposiums, the program alternates between fundamental research issues, such as new technologies for intrusion detection, and more practical issues linked to the deployment and operation of intrusion detection systems in a real environment. Five sessions have been devoted to intrusion detection technology, including modeling, data mining and advanced techniques.


Table of Contents

Logging
Better Logging through Formality / Chapman Flack and Mikhail J. Atallah, p. 1
A Pattern Matching Based Filter for Audit Reduction and Fast Detection of Potential Intrusions / Josué Kuri and Gonzalo Navarro and Ludovic Mé and Laurent Heye, p. 17
Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection / Joachim Biskup and Ulrich Flegel, p. 28

Data Mining
A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions / Wenke Lee and Rahul A. Nimbalkar and Kam K. Yee and Sunil B. Patil and Pragneshkumar H. Desai and Thuan T. Tran and Salvatore J. Stolfo, p. 49
Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report / Christoph Michael and Anup Ghosh, p. 66

Modeling Process Behavior
Adaptive, Model-Based Monitoring for Cyber Attack Detection / Alfonso Valdes and Keith Skinner, p. 80
A Real-Time Intrusion Detection System Based on Learning Program Behavior / Anup K. Ghosh and Christoph Michael and Michael Schatz, p. 93
Intrusion Detection Using Variable-Length Audit Trail Patterns / Andreas Wespi and Marc Dacier and Hervé Debar, p. 110
Flexible Intrusion Detection Using Variable-Length Behavior Modeling in Distributed Environment: Application to CORBA Objects / Zakia Marrakchi and Ludovic Mé and Bernard Vivinis and Benjamin Morin, p. 130

IDS Evaluation
The 1998 Lincoln Laboratory IDS Evaluation (A Critique) / John McHugh, p. 145
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation / Richard Lippmann and Joshua W. Haines and David J. Fried and Jonathan Korba and Kumar Das, p. 162
Using Rule-Based Activity Descriptions to Evaluate Intrusion-Detection Systems / Dominique Alessandri, p. 183

Modeling
LAMBDA: A Language to Model a Database for Detection of Attacks / Frederic Cuppens and Rodolphe Ortalo, p. 197
Target Naming and Service Apoptosis / James Riordan and Dominique Alessandri, p. 217

Author Index, p. 227