Read more
On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference.
List of contents
Network Infrastructure.- Mitigating Distributed Denial of Service Attacks Using a Proportional-Integral-Derivative Controller.- Topology-Based Detection of Anomalous BGP Messages.- Anomaly Detection I.- Detecting Anomalous Network Traffic with Self-organizing Maps.- An Approach for Detecting Self-propagating Email Using Anomaly Detection.- Correlation.- Statistical Causality Analysis of INFOSEC Alert Data.- Correlation of Intrusion Symptoms: An Application of Chronicles.- Modeling and Specification.- Modeling Computer Attacks: An Ontology for Intrusion Detection.- Using Specification-Based Intrusion Detection for Automated Response.- IDS Sensors.- Characterizing the Performance of Network Intrusion Detection Sensors.- Using Decision Trees to Improve Signature-Based Intrusion Detection.- Ambiguity Resolution via Passive OS Fingerprinting.- Anomaly Detection II.- Two Sophisticated Techniques to Improve HMM-Based Intrusion Detection Systems.- An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection.
