Check out the new USENIX Web site.
LEET '09 Banner

NSDI '09


All sessions took place in the Arlington Room unless otherwise noted.

Session papers are available to workshop registrants immediately and to everyone beginning April 21, 2009.

Tuesday, April 21, 2009
7:30 a.m.–8:30 a.m.    Continental Breakfast
8:30 a.m.–9:30 a.m.

Invited Talk

Effective Malware: The Trade-off Between Size and Stealth
Henry Stern, Senior Security Researcher, Cisco IronPort Systems LLC

Talk in Slides

9:30 a.m.–9:45 a.m.    Break
9:45 a.m.–11:15 a.m.

Malware Analysis

Session Chair: Christopher Kruegel, University of California, Santa Barbara

peHash: A Novel Approach to Fast Malware Clustering
Georg Wicherski, RWTH Aachen University

Paper in HTML | PDF

Malware Characterization through Alert Pattern Discovery
Steven Cheung and Alfonso Valdes, SRI International

Paper in HTML | PDF

Towards Automated Detection of Peer-to-Peer Botnets: On the Limits of Local Approaches
Márk Jelasity, University of Szeged, Hungary, and Hungarian Academy of Sciences; Vilmos Bilicki, University of Szeged, Hungary

Paper in HTML | PDF

11:15 a.m.–11:30 a.m.    Break
11:30 a.m.–12:30 p.m.

Panel: Ethics in Botnet Research

Panel Chair: Paul Royal, Georgia Tech Information Security Center

Panelists: Aaron Burstein, Dave Dittrich, Thorsten Holz, Jose Nazario, and Vern Paxson or Stefan Savage

12:30 p.m.–1:30 p.m.    Workshop Luncheon, Stanbro Room
1:30 p.m.–3:00 p.m.

Malware Analysis Methodology

Session Chair: Thorsten Holz, University of Mannheim

Spamcraft: An Inside Look At Spam Campaign Orchestration
Christian Kreibich, International Computer Science Institute; Chris Kanich, Kirill Levchenko, Brandon Enright, and Geoffrey M. Voelker, University of California, San Diego; Vern Paxson, International Computer Science Institute and University of California, Berkeley; Stefan Savage, University of California, San Diego

Paper in HTML | PDF

Temporal Correlations between Spam and Phishing Websites
Tyler Moore, Harvard University; Richard Clayton, Computer Laboratory, University of Cambridge; Henry Stern, Cisco IronPort Systems LLC

Paper in HTML | PDF

PhoneyC: A Virtual Client Honeypot
Jose Nazario, Arbor Networks

Paper in PDF

3:00 p.m.–3:15 p.m.    Break
3:15 p.m.–4:45 p.m.

Malware Behavior

Session Chair: Jose Nazario, Arbor Networks

A Foray into Conficker's Logic and Rendezvous Points
Phillip Porras, Hassen Saïdi, and Vinod Yegneswaran, SRI International

Paper in HTML | PDF

A View on Current Malware Behaviors
Ulrich Bayer, Technical University Vienna; Imam Habibi, Davide Balzarotti, and Engin Kirda, Institute Eurecom; Christopher Kruegel, University of California, Santa Barbara

Paper in HTML | PDF

An Empirical Study of Real-world Polymorphic Code Injection Attacks
Michalis Polychronakis, FORTH-ICS, Greece; Kostas G. Anagnostakis, I2R, Singapore; Evangelos P. Markatos, FORTH-ICS, Greece

Paper in HTML | PDF

4:45 p.m.–5:00 p.m.    Break
5:00 p.m.–6:00 p.m.

Work-in-Progress Reports (WiPs)

WiPs Session Chair: Michael Bailey, University of Michigan

? Need help? Use our Contacts page.

Last changed: 22 April 2009 jp