Call For Participation - RAID'98 First International Workshop on the Recent Advances in Intrusion Detection September 14-15, 1998 Louvain-la-Neuve, Belgium We solicit your participation in the first International Workshop on the Recent Advances in Intrusion Detection. This workshop, the first in an anticipated annual series, will bring together leading figures from academia, government, and industry to talk about the current state of intrusion detection technologies and paradigms from the research and commercial perspectives. Research into and development of automated intrusion detection systems (IDS) has been under way for nearly 10 years. In that time, only a few systems have been widely deployed in the commercial or government arena (e.g., DIDS, NADIR, NetRanger, Stalker). All are limited in what they do. At the same time, the numerous research systems developed have been more engineering than scientific efforts, with scant quantitative performance figures. As we survey the field of automated intrusion detection, we are faced with many questions: 1) What *research* questions have yet to be answered about IDS? 2) What are the open questions, limitations, and fundamental concerns about existing intrusion detection methodologies? 3) What metrics shall we use to measure IDS performance and thus compare different IDSes? These measurements should highlight the successes and expose the limitations of current IDS approaches. 4) What factors are inhibiting transfer of research ideas into functional deployed IDSes? How can those be addressed? 5) What is the role of a deployed IDS? How should or can it fit in with other security systems? 6) What are the typical operating environments and policies in which IDSes are used? 7) What are the challenges for IDSes in very large environments, such as the Internet? 8) Is it time to be thinking about IDS standards? What are the advantages and disadvantages of standardizing components of IDS? What forums (e.g., IETF, ISO) would be appropriate for pursuing such standards? 9) What are the problems of turning the results of intrusion detection tools into legally reliable evidence? What are the problems of admissibility and of court-room presentation? We invite proposals and panels that explore these questions or any other aspect of automated intrusion detection. We especially solicit proposals and panels that address: 1) New results related to intrusion detection methodologies and technologies. 2) Innovative ways of thinking about intrusion detection; for example, the applicability of R&D in the fields of survivable and/or dependable systems, data mining, etc. 3) User experiences and lessons learned from fielded intrusion detection systems. 4) IDS for emerging computer environments (e.g., Java, CORBA, NT ). 5) Commercial intrusion detection systems. We have scheduled RAID'98 immediately before ESORICS'98, at the same time as CARDIS'98, and at the same location as both of these conferences. This provides a unique opportunity for the members of these distinct, yet related, communities to participate in all these events and meet and share ideas during joined organized external events. INSTRUCTIONS: Proposals for presentations must include a title followed by an abstract that is a maximum of 600 words in length. The presenter may include a full paper with the abstract, and will have either 15 or 30 minutes (including questions) for the talk. Panel proposals should include a title, proposed chair, tentative panelists, a description (under 300 words), format of the presentation, and short rationale for the panel. Panel sessions must fit into one hour time slots. Each proposed participant must include his or her name, organization, position, e-mail address, facsimile and telephone number, and a brief biography. All proposals must be in English. Plan to give all panels and talks in English. We must receive all proposals before June 15, 1998. We strongly prefer they be submitted by e-mail to raid98@zurich.ibm.com. Various formats (ASCII, postscript, Word, WordPro, Framemaker, and LaTex) are acceptable. If necessary, hardcopy proposals may be sent to: Marc Dacier Global Security Analysis Lab IBM Zurich Research Laboratory Saeumerstrasse 4, CH-8803 Rueschlikon, Switzerland IMPORTANT DATES: ---------------- Deadline for submission: June 15, 1998 Notification of acceptance or rejection: August 1, 1998 GENERAL CO-CHAIRS: ------------------ Marc Dacier (IBM Zurich Research Laboratory, Switzerland) Kathleen A. Jackson (Los Alamos National Laboratory, USA) PROGRAM COMMITTEE: ------------------ Matt Bishop (University of California at Davis, USA) Dick Brackney (National Security Agency, USA) Yves Deswarte (LAAS-CNRS & INRIA, France) Baudouin Le Charlier (Universite de Namur, Belgium) Stuart Staniford-Chen (University of California at Davis, USA) Rowena Chester (University of Tennessee, USA) Deborah Frincke (University of Idaho, USA) Tim Grance (National Institute of Standards and Technology, USA) Sokratis Katsikas (University of Athens, University of Aegeans, Greece) Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium) Mark Schneider (National Security Agency, USA) Peter Sommer (London School of Economics & Political Science, England) Steve Smaha (Trusted Information Systems, USA) Gene Spafford (Purdue University, USA) Chris Wee (University of California at Davis, USA) Kevin Ziese (WheelGroup Corporation, USA) For further information contact one of the General Co-chairs: Marc Dacier Kathleen A. Jackson IBM Zurich Research Laboratory Los Alamos National Laboratory Switzerland USA E-mail: dac@zurich.ibm.com E-mail: kaj@lanl.gov Tel.: +41-1-724-85-62 Tel.: +1-505/667-5927 Fax.: +41-1-724-89-53 Fax: +1-505/665-5220 More information will be available at: <URL:http://www.zurich.ibm.com/~dac/raid98/>. Information about ESORICS'98 is available at: ESORICS 98 home page: <http://www.dice.ucl.ac.be/esorics98> ESORICS series home page: <http://www.laas.fr/~esorics> Note: Papers and panel proposals for ESORICS'98 are due before February 28, 1998. Information about CARDIS'98 will be available at: <http://www.dice.ucl.ac.be/cardis98> -- Marc Dacier Mgr. Global Security Analysis Lab (GSAL) IBM Zurich Research Laboratory Saeumerstrasse 4 - CH-8803 Rueschlikon - Switzerland E-mail: dac@zurich.ibm.com Tel.:+41-1-724-85-62 Fax.:+41-1-724-89-53