Intrusion and Malware Detection and Vulnerability Assessment（入侵与恶意软件及易损性评价/会议录）

This book constitutes the refereed proceedings of the second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2005, held in Vienna, Austria, in July 2005. The 14 revised full papers presented were carefully reviewed and selected from 51 submissions. The papers are organized in topical sections on obfuscated code detection, honeypots, vulnerability assessment and exploit analysis, anomaly detection, misuse detection, and distributed intrusion detection and IDS testing.

Obfuscated Code Detection
Analyzing Memory Accesses in Obfuscated x86 Executables
Hybrid Engine for Polymorphic Shellcode Detection
Honeypots
Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities
A Pointillist Approach for Comparing Honeypots
Vulnerability Assessment and Exploit Analysis
Automatic Detection of Attacks on Cryptographic Protocols: A Case Study
METAL - A Tool for Extracting Attack Manifestations
Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone
Anomaly Detection
A Learning-Based Approach to the Detection of SQL Attacks
Masquerade Detection via Customized Grammars
A Prevention Model for Algorithmic Complexity Attacks
Misuse Detection
Detecting Malicious Code by Model Checking
Improving the Efficiency of Misuse Detection
Distributed Intrusion Detection and IDS Testing
Enhancing the Accuracy of Network-Based Intrusion Detection with Host-Based Context
TCPtransform: Property-Oriented TCP Traffic Transformation
Author Index