Call for Participation for the second IEEE Workshop on Monitoring,
Attack Detection and Mitigation MONAM 2007
http://www.laas.fr/MonAM2007/
Monday 5 / Tuesday 6 November, 2007 LAAS-CNRS Toulouse, France
Registration is open
Purpose and Format
The intention of this workshop foster interaction among researchers from
the industry, universities, and other research institutes on various
aspects of network monitoring, attack detection and mitigation, suitable
for high-speed networks.
The workshop not at the second edition aims at providing a forum for
presenting and discussing recent work, as well as ongoing and planned
projects. The workshop will consist of a number of short presentations
and discussion on current research, hot topics, position statements, and
controversial opinions, as well as practical demonstrations.
Preliminary Program
Monday, November 5th
9h-9h30 Welcome session
9h30-10h30 Invited talk Herbert Bos - Vrije Universiteit Amsterdam, NL
Monitoring for security: promising work and useless techniques
The threat landscape is changing rapidly and the monitoring
tools for yesterday's threats may be rendered irrelevant in
the near future. In this talk, Herbert Bos will present a
personal perspective on what is needed in monitoring, and
which techniques should be considered either promising or
obsolete.
10h30-11h Coffee break
11h-12h30 Session 1: Syn flooding
An efficient online anomalies detection mechanism for high speed
networks Osman Salem - ENST Bretagne, France
Enhanced TCP SYN attack detection V. Thing, M. Sloman, N. Dulay -
Imperial College London, UK
SYN flooding attack detection by TCP handshake behaviour observation M.
Bellaiche - école polytechnique de Montréal, Canada, J.C. Grégoire -
INRS-EMT, Canada
12h30-13h30 Lunch
13h30-15h Session 2: Attack detection (1)
DDoS attacks against PIM-SM control plane B. Hilt - university of Haute
Alsace, J.J. Pansiot - LSIIT, France
Denial-of-Service flooding detection in anonymity networks J. Oberender,
M. Volkamer, H. De Meer - university of Passau, Germany
Building multiple behavioral models for network intrusion identification
W.Wang, S. Gombault, A. Bsila - GET/ENST Bretagne, France
15h-15h30 Coffee break
15h30-17h Session 3: Unclassified
Signature detection in sampled packets G. Muenz, N. Weber, G. Carle -
university of Tübingen, Germany
Improving web traffic inference using page level embedding information
O. Paul - GET/INT, France
SHARK: Spy Honeypot with Advanced Redirection Kit I. Alberdi, E. Alata,
V. Nicomette, P. Owezarski, M. Kaaniche - LAAS-CNRS, France
17h- 18h Shorp papers session
Optimal placement of different types of monitoring equipment in
tranparent optical networks M. Kiese, C. Mas Machuca - Münich university
of technology, Germany
Bringing the pieces together: an architecture for network scan
mitigation E. Le Malécot, Y. Hori, K. Sakurai - Kyushu university, Japan
An entropy based analysis method of network delays for a discriminating
DoS attack detection Y. Labit, P. Owezarski - LAAS-CNRS, France
Monitoring both OS and program level information flows to detect
intrusions against network servers G. Hiet, L. Mé, B. Morin, V. Viet
Triem Tong - Supélec, France
19h- Social event Visit of the Blomberg art collection museum at Hotel
dAssezat Banquet in the roman basement of hotel dAssezat
Tuesday, November 6th
9h-10h30 Session 4: Attack detection (2)
A collaborative approach for proactive detection of distributed denial
of service attacks J. François - university Henri Poincaré, France, A.
El-Atawy, E. Al Shaer - DePaul university, USA, R. Boutaba - University
of Waterloo, Canada
SQL injection and password guessing detection and mitigation for next
generation IMS M. Sher - technical university of Berlin, Germany
Rapid aggregate defence for denial of service attacks A. Bitorika, C. Mc
Goldrick, M. Huggard - university of Dublin, Trinity College, Ireland
10h30-11h Coffee break
11h-12h30 Pannel (tbd)
---
Liste de diffusion du FRnOG
http://www.frnog.org/