|
WORKSHOP SESSIONS
All sessions took place in the Arlington Room unless otherwise noted.
Session papers are available to workshop registrants immediately and to everyone beginning April 21, 2009.
|
Tuesday, April 21, 2009
|
7:30 a.m.–8:30 a.m. Continental Breakfast
|
|
8:30 a.m.–9:30 a.m. |
Invited Talk
Effective Malware: The Trade-off Between Size and Stealth
Henry Stern, Senior Security Researcher, Cisco IronPort Systems LLC
Talk in Slides
|
9:30 a.m.–9:45 a.m. Break
|
|
9:45 a.m.–11:15 a.m. |
Malware Analysis
Session Chair: Christopher Kruegel, University of California, Santa Barbara
peHash: A Novel Approach to Fast Malware Clustering
Georg Wicherski, RWTH Aachen University
Paper in HTML | PDF
Malware Characterization through Alert Pattern Discovery
Steven Cheung and Alfonso Valdes, SRI International
Paper in HTML | PDF
Towards Automated Detection of Peer-to-Peer Botnets: On the Limits of Local Approaches
Márk Jelasity, University of Szeged, Hungary, and Hungarian Academy of Sciences; Vilmos Bilicki, University of Szeged, Hungary
Paper in HTML | PDF
|
11:15 a.m.–11:30 a.m. Break
|
|
11:30 a.m.–12:30 p.m. |
Panel: Ethics in Botnet Research
Panel Chair: Paul Royal, Georgia Tech Information Security Center
Panelists: Aaron Burstein, Dave Dittrich, Thorsten Holz, Jose Nazario, and Vern Paxson or Stefan Savage
|
12:30 p.m.–1:30 p.m. Workshop Luncheon, Stanbro Room |
|
1:30 p.m.–3:00 p.m. |
Malware Analysis Methodology
Session Chair: Thorsten Holz, University of Mannheim
Spamcraft: An Inside Look At Spam Campaign Orchestration
Christian Kreibich, International Computer Science Institute; Chris Kanich, Kirill Levchenko, Brandon Enright, and Geoffrey M. Voelker, University of California, San Diego; Vern Paxson, International Computer Science Institute and University of California, Berkeley; Stefan Savage, University of California, San Diego
Paper in HTML | PDF
Temporal Correlations between Spam and Phishing Websites
Tyler Moore, Harvard University; Richard Clayton, Computer Laboratory, University of Cambridge; Henry Stern, Cisco IronPort Systems LLC
Paper in HTML | PDF
PhoneyC: A Virtual Client Honeypot
Jose Nazario, Arbor Networks
Paper in PDF
|
3:00 p.m.–3:15 p.m. Break
|
|
3:15 p.m.–4:45 p.m. |
Malware Behavior
Session Chair: Jose Nazario, Arbor Networks
A Foray into Conficker's Logic and Rendezvous Points
Phillip Porras, Hassen Saïdi, and Vinod Yegneswaran, SRI International
Paper in HTML | PDF
A View on Current Malware Behaviors
Ulrich Bayer, Technical University Vienna; Imam Habibi, Davide Balzarotti, and Engin Kirda, Institute Eurecom; Christopher Kruegel, University of California, Santa Barbara
Paper in HTML | PDF
An Empirical Study of Real-world Polymorphic Code Injection Attacks
Michalis Polychronakis, FORTH-ICS, Greece; Kostas G. Anagnostakis, I2R, Singapore; Evangelos P. Markatos, FORTH-ICS, Greece
Paper in HTML | PDF
|
4:45 p.m.–5:00 p.m. Break
|
|
5:00 p.m.–6:00 p.m.
|
|
Work-in-Progress Reports (WiPs)
WiPs Session Chair: Michael Bailey, University of Michigan
|
|
|