Table of Contents

Host-Based Intrusion Detection.- Exploiting Execution Context for the Detection of Anomalous System Calls.- Understanding Precision in Host Based Intrusion Detection.- Anomaly-Based Intrusion Detection.- Comparing Anomaly Detection Techniques for HTTP.- Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications.- Network-Based Intrusion Detection and Response.- Emulation-Based Detection of Non-self-contained Polymorphic Shellcode.- The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware.- Cost-Sensitive Intrusion Responses for Mobile Ad Hoc Networks.- Insider Detection and Alert Correlation.- elicit: A System for Detecting Insiders Who Violate Need-to-Know.- On the Use of Different Statistical Tests for Alert Correlation – Short Paper.- Malicious Code Analysis.- Automated Classification and Analysis of Internet Malware.- “Out-of-the-Box” Monitoring of VM-Based High-Interaction Honeypots.- A Forced Sampled Execution Approach to Kernel Rootkit Identification.- Evasion.- Advanced Allergy Attacks: Does a Corpus Really Help?.- Alert Verification Evasion Through Server Response Forging.- Malicious Code Defense.- Hit-List Worm Detection and Bot Identification in Large Networks Using Prool Graphs.- SpyShield: Preserving Privacy from Spy Add-Ons.- Vortex: Enabling Cooperative Selective Wormholing for Network Security Systems.