Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, Proceedings(6307 Lecture Notes in Computer Science)

On behalf of the Program Committee, it is our pleasure to present the p- ceedings of the 13th International Symposium on Recent Advances in Intrusion Detection Systems (RAID 2010), which took place in Ottawa, Ontario, Canada, during September 15-17, 2010. As in the past, the symposium brought together leading researchers and practitioners from academia, government, and industry to discuss intrusion detection research and practice. There were eight technical sessionspresentingfullresearchpapersonnetworkprotection,highperformance, malwaredetectionanddefense(2 sessions),evaluation,forensics,anomalydet- tion and access protection, and Web security. Furthermore, there was a poster session presenting emerging research areas and case studies. The RAID 2010 Program Committee received 102 full-paper submissions from all over the world. All submissions were carefully reviewed by independent reviewers on the basis of technical quality, topic, space, and overallbalance. The ?naldecisiontookplaceataProgramCommitteemeetingheldduringMay19-20 inOakland,California,where24paperswereeventuallyselectedforpresentation at the conference and publication in the proceedings. As a continued feature, the symposium later also accepted 15 poster presentations reporting early-stage research,demonstrationof applications,orcasestudies. The authorsof accepted posters were also o?ered the opportunity to have an extended abstract of their work included in the proceedings.

Table of Contents:
Network Protection.- What Is the Impact of P2P Traffic on Anomaly Detection?.- A Centralized Monitoring Infrastructure for Improving DNS Security.- Behavior-Based Worm Detectors Compared.- High Performance.- Improving NFA-Based Signature Matching Using Ordered Binary Decision Diagrams.- GrAVity: A Massively Parallel Antivirus Engine.- Malware Detection and Defence.- Automatic Discovery of Parasitic Malware.- BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection.- CANVuS: Context-Aware Network Vulnerability Scanning.- HyperCheck: A Hardware-Assisted Integrity Monitor.- Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory.- Bait Your Hook: A Novel Detection Technique for Keyloggers.- Evaluation.- Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security.- On Challenges in Evaluating Malware Clustering.- Why Did My Detector Do That?!.- Forensics.- NetStore: An Efficient Storage Infrastructure for Network Forensics and Monitoring.- Live and Trustworthy Forensic Analysis of Commodity Production Systems.- Hybrid Analysis and Control of Malware.- Anomaly Detection.- Anomaly Detection and Mitigation for Disaster Area Networks.- Community Epidemic Detection Using Time-Correlated Anomalies.- A Data-Centric Approach to Insider Attack Detection in Database Systems.- Privilege States Based Access Control for Fine-Grained Intrusion Response.- Web Security.- Abusing Social Networks for Automated User Profiling.- An Analysis of Rogue AV Campaigns.- Fast-Flux Bot Detection in Real Time.- Posters.- A Client-Based and Server-Enhanced Defense Mechanism for Cross-Site Request Forgery.- A Distributed Honeynet at KFUPM: A Case Study.- Aspect-BasedAttack Detection in Large-Scale Networks.- Detecting Network Anomalies in Backbone Networks.- Detecting the Onset of Infection for Secure Hosts.- Eliminating Human Specification in Static Analysis.- Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009.- Inferring Protocol State Machine from Real-World Trace.- MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA.- On Estimating Cyber Adversaries’ Capabilities: A Bayesian Model Approach.- Security System for Encrypted Environments (S2E2).- Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence.- Toward Specification-Based Intrusion Detection for Web Applications.- Toward Whole-System Dynamic Analysis for ARM-Based Mobile Devices.- Using IRP for Malware Detection.