[Sunday, April 11] [Monday, April 12]
ID Technical Program
Monday, April 12, 1999
9:00am - 10:30am
IDS Systems
Session Chair: Charles Antonelli, University of Michigan
Automated Intrusion Detection Methods Using NFR
Wenke Lee, Christopher Park, Salvatore J. Stolfo, Columbia University
Experience with EMERALD Thus Far
Phillip A. Porras, Peter G. Neumann, Teresa Lunt, SRI International
Defending Against the Wily Surfer - Web-Based Attacks and Defenses
Dan Klein, LoneWolf Systems
10:30am - 11:00am
Break
11:00am - 12:30pm
Network Data Processing and Storage
Session Chair: Dan Geer, CERTCO
Preprocessor Algorithm for Network Management Codebook
Minaxi Gupta, Mani Subramanian, Georgia Institute of Technology
The Packet Vault: Secure Storage of Network Data
Charles J. Antonelli, Matthew Undy, Peter Honeyman, Center for Information Technology Integration, University of Michigan
Real-Time Intrusion Detection and Suppression in ATM Networks
Ricardo Bettati, Wei Zhao, Dan Teodor, Texas A&M University
12:30pm - 2:00pm
Hosted Luncheon
2:00pm - 3:30pm
Invited Talks
Session Chair: Norm Laudermilch, UUNet/Worldcom
Design and Integration Principles for Large-Scale Infrastructure Protection
Edward Amoroso, AT&T
Basic intrusion detection design and integration principles are outlined for practical large-scale infrastructure protection schemes. Issues in the development of middleware for multi-vendor interoperability, algorithms for high-volume alarm processing, and visualization techniques for intrusion display are included.
Experiences Learned from Bro
Vern Paxson, Network Research Group, Lawrence Berkeley National Labs
Bro is a system for detecting network intruders in real time by passively monitoring a network link. Its design emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility. To achieve these ends, Bro is divided into an "event engine" that reduces a kernel-filtered network traffic stream into a series of higher-level events, and a "policy script interpreter" that interprets event handlers written in a specialized language used to express a site's security policy. Bro has been in production use since early 1996. We discuss the structure of the system and the lessons learned from our experiences, with an emphasis on some of the key challenges for future intrusion detection systems.
3:30pm - 4:00pm
Break
4:00pm - 5:30pm
Statistics and Anomalies
Session Chair: Marcus Ranum, Network Flight Recorder, Inc.
A Statistical Method for Profiling Network Traffic
David Marchette, Naval Surface Warfare Center, Dahlgren Division
Transaction-Based Anomaly Detection
Roland Buschkes, Mark Borning, Aachen University of Technology
5:00pm - 5:30pm
Works-in-Progress Reports (WIPs)
Session Chair: Marcus Ranum, Network Flight Recorder, Inc.
Do you have interesting work you would like to share, or a cool idea that is not yet ready to be published? The USENIX audience provides valuable discussion and feedback. Short, pithy, and fun, Works-in-Progress Reports (WIPs) introduce interesting new or ongoing work. We are particularly interested in presentation of student work. Prospective speakers should send a short one- or two-paragraph report to idwips@usenix.org.
A schedule of presentations will be posted at the conference and the speakers will be notified in advance. Works-in-Progress Reports are five-minute presentations; the time limit will be strictly enforced.