Recent Advances in Intrusion Detection

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 7th Symposium on Recent Advances in Intrusion Detection (RAID 2004), which took place in Sophia-Antipolis, French Riviera, France, September 15-17, 2004. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection from research as well as commercial perspectives. We also encouraged discussions that - dressed issues that arise when studying intrusion detection, including infor- tion gathering and monitoring, from a wider perspective. Thus, we had sessions on detection of worms and viruses, attack analysis, and practical experience reports. The RAID 2004 Program Committee received 118 paper submissions from all over the world. All submissions were carefully reviewed by several members of the Program Committee and selection was made on the basis of scienti? c novelty, importance to the ? eld, and technical quality. Final selection took place at a meeting held May 24 in Paris, France. Fourteen papers and two practical experience reports were selected for presentation and publication in the conf- ence proceedings. In addition, a number of papers describing work in progress were selected for presentation at the symposium. The keynote addresswas given by Bruce Schneier of Counterpane Systems. H? akan Kvarnstrom š of TeliaSonera gave an invited talk on the topic "Fighting Fraud in Telecom Environments. " A successful symposium is the result of the joint e? ort of many people.

Modelling Process Behaviour. - Automatic Extraction of Accurate Application-Specific Sandboxing Policy. - Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths. - Detecting Worms and Viruses. - HoneyStat: Local Worm Detection Using Honeypots. - Fast Detection of Scanning Worm Infections. - Detecting Unknown Massive Mailing Viruses Using Proactive Methods. - Attack and Alert Analysis. - Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection. - Attack Analysis and Detection for Ad Hoc Routing Protocols. - On the Design and Use of Internet Sinks for Network Abuse Monitoring. - Practical Experience. - Monitoring IDS Background Noise Using EWMA Control Charts and Alert Information. - Symantec Deception Server Experience with a Commercial Deception System. - Anomaly Detection. - Anomalous Payload-Based Network Intrusion Detection. - Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix. - Seurat: A Pointillist Approach to Anomaly Detection. - Formal Analysis for Intrusion Detection. - Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. - Formal Reasoning About Intrusion Detection Systems. - RheoStat: Real-Time Risk Management.