index.html

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="Mathias Payer">
<meta name="theme-color" content="#563d7c">
<title>21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '24)</title>
<!-- Bootstrap core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet"/>
<link href="css/fontawesome.min.css" rel="stylesheet"/>
<link href="css/academicons.min.css" rel="stylesheet"/>
<style>
body {
    overflow-x: hidden;
    font-family: K2D, 'Helvetica Neue', Helvetica, Arial, sans-serif;
}

p {
    line-height: 1.25;
    text-align: left;
}

a {
    color: #b33;
}

a.active, a:active, a:focus, a:hover {
    color: #d44;
}

strike {
	text-decoration-thickness: 2px;
	text-decoration-color: #aa0000aa;
	}

strong.important {
    color: #b33;
}

.text-primary {
    color: #00ff00 !important;
}

h1, h2, h3, h4, h5, h6 {
    text-align: left;
    font-weight: 700;
}

.session {
    color: #b33;
}

section {
    padding: 60px 0;
}

th, td {
  padding-top: 10px;
  padding-bottom: 10px;
  padding-left: 30px;
  padding-right: 30px;
}

section h2.section-heading {
    font-size: 30px;
    margin-top: 0;
    margin-bottom: 15px;
}

section h3.section-subheading {
    font-size: 20px;
    font-weight: 400;
    margin-top: 30px;
    margin-bottom: 20px;
    text-transform: none;
}

#mainNav {
    background-color: #222;
}

#mainNav .navbar-toggler {
    font-size: 12px;
    right: 0;
    padding: 13px;
    text-transform: uppercase;
    color: white;
    border: 0;
    background-color: #c44;
}

#mainNav .navbar-brand {
    color: #f4f4f4;
    /* font-weight: bold; */
}

#mainNav .navbar-brand.active, #mainNav .navbar-brand:active, #mainNav .navbar-brand:focus, #mainNav .navbar-brand:hover {
    color: #f44;
}

#mainNav .navbar-nav .nav-item .nav-link {
    font-size: 90%;
    font-weight: 400;
    padding: 1.1em;
    letter-spacing: 1px;
    color: white;
}

#mainNav .navbar-nav .nav-item .nav-link.active, #mainNav .navbar-nav .nav-item .nav-link:hover {
    color: #f44;
}
</style>
</head>

<body id="page-top">

<nav class="navbar navbar-expand-lg navbar-dark fixed-top" id="mainNav">
<div class="container">
	<a class="navbar-brand" href="#page-top"><img src="dimvalogo.png" width="50px" alt="DIMVA Logo"/> DIMVA 2024</a>
	<div class="collapse navbar-collapse" id="navbar">
	<ul class="navbar-nav ml-auto">
		<li class="nav-item"><a class="nav-link" href="#page-top">Home</a></li>
		<li class="nav-item"><a class="nav-link" href="#program">Program</a></li>
		<li class="nav-item"><a class="nav-link" href="#registration">Registration</a></li>
		<li class="nav-item"><a class="nav-link" href="#cfposter">Call for Posters</a></li>
		<li class="nav-item"><a class="nav-link" href="#cfp">Call for Papers</a></li>
		<li class="nav-item"><a class="nav-link" href="#committee">Committee</a></li>
		<li class="nav-item"><a class="nav-link" href="#venue">Venue</a></li>
		<!--<li class="nav-item"><a class="nav-link" href="#sponsors">Sponsors</a></li>-->
	</ul>
	</div>
    <img src="epfl.png" class="ml-auto" width="50px"/>
</div>
</nav>

<main role="main" class="container">

<section id="header">
<div class="container">
<br>

<h1>21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '24)</h1>
<h4>July 17 to 19, 2024 at EPFL in Lausanne, Switzerland</h4>

<a href="https://infosec.exchange/@DIMVAConf"><div style="color: rgb(29, 155, 240);width:30px;height:30p; display:inline-block;"><svg viewBox="0 0 32 32" aria-hidden="true" style="color: rgb(29, 155, 240)"><g><path d="M 15.9375 4.03125 C 12.917 4.0435 9.9179219 4.4269844 8.3574219 5.1464844 C 8.3574219 5.1464844 5 6.6748594 5 11.880859 C 5 18.077859 4.9955 25.860234 10.5625 27.365234 C 12.6945 27.938234 14.527953 28.061562 16.001953 27.976562 C 18.676953 27.825562 20 27.005859 20 27.005859 L 19.910156 25.029297 C 19.910156 25.029297 18.176297 25.640313 16.029297 25.570312 C 13.902297 25.495313 11.6615 25.335688 11.3125 22.679688 C 11.2805 22.432688 11.264625 22.182594 11.265625 21.933594 C 15.772625 23.052594 19.615828 22.420969 20.673828 22.292969 C 23.627828 21.933969 26.199344 20.081672 26.527344 18.388672 C 27.041344 15.720672 26.998047 11.880859 26.998047 11.880859 C 26.998047 6.6748594 23.646484 5.1464844 23.646484 5.1464844 C 22.000984 4.3779844 18.958 4.019 15.9375 4.03125 z M 12.705078 8.0019531 C 13.739953 8.0297031 14.762578 8.4927031 15.392578 9.4707031 L 16.001953 10.505859 L 16.609375 9.4707031 C 17.874375 7.5037031 20.709594 7.6264375 22.058594 9.1484375 C 23.302594 10.596438 23.025391 11.531 23.025391 18 L 23.025391 18.001953 L 20.578125 18.001953 L 20.578125 12.373047 C 20.578125 9.7380469 17.21875 9.6362812 17.21875 12.738281 L 17.21875 16 L 14.787109 16 L 14.787109 12.738281 C 14.787109 9.6362812 11.429688 9.7360938 11.429688 12.371094 L 11.429688 18 L 8.9765625 18 C 8.9765625 11.526 8.7043594 10.585438 9.9433594 9.1484375 C 10.622859 8.3824375 11.670203 7.9742031 12.705078 8.0019531 z"></path></svg></div> Follow us on Mastodon</a>
&ensp;
<a href="https://twitter.com/DIMVAConf"><div style="color: rgb(29, 155, 240);width:30px;height:30p; display:inline-block;"><svg viewBox="0 0 24 24" aria-hidden="true" style="color: rgb(29, 155, 240)"><g><path style="color: rgb(29, 155, 240)" d="M23.643 4.937c-.835.37-1.732.62-2.675.733.962-.576 1.7-1.49 2.048-2.578-.9.534-1.897.922-2.958 1.13-.85-.904-2.06-1.47-3.4-1.47-2.572 0-4.658 2.086-4.658 4.66 0 .364.042.718.12 1.06-3.873-.195-7.304-2.05-9.602-4.868-.4.69-.63 1.49-.63 2.342 0 1.616.823 3.043 2.072 3.878-.764-.025-1.482-.234-2.11-.583v.06c0 2.257 1.605 4.14 3.737 4.568-.392.106-.803.162-1.227.162-.3 0-.593-.028-.877-.082.593 1.85 2.313 3.198 4.352 3.234-1.595 1.25-3.604 1.995-5.786 1.995-.376 0-.747-.022-1.112-.065 2.062 1.323 4.51 2.093 7.14 2.093 8.57 0 13.255-7.098 13.255-13.254 0-.2-.005-.402-.014-.602.91-.658 1.7-1.477 2.323-2.41z"></path></g></svg></div> Follow us on X/Twitter</a>

<br/>

Access to the <a href="https://link.springer.com/book/978-3-031-64171-8">proceedings in the Springer library</a>.

</div>
</section>

<hr/>

<section id="program">
<div class="container">
<br>
<h2>Conference Program</h2>

<h3>Wednesday, July 17: Day 0</h3>
<div class="row margin-b-30">
    <div class="col-sm-2">15:00 to 17:00</div>
    <div class="col-sm-10">
    <h4 class="session">Social event: Lausanne city tour</h4>
        On this walking tour, we'll explore the old town of Lausanne. This is a great opportunity to get to know the other conference attendees and to walk off any travel fatigue.
        Our meeting point is on the Riponne square, in front of the <a href="https://osm.org/go/0CSObm6u5?m=">Palais Rumine</a>, next to the Metro m2 stop "Riponne".
    </div>
    <div class="col-sm-2">17:00 to 18:30</div>
    <div class="col-sm-10">
        Following the city tour, we'll meet for an apéro at <a href="https://the-great.ch/">The Great Escape</a>, close to the Riponne metro stop and a few steps from lots of great restaurants and bars.<br/><br/>
    </div>
</div>

<h3>Thursday, July 18: Day 1, in <a href="https://plan.epfl.ch/?room==BC%2005">BC05/06</a></h3>
<div class="row margin-b-30">
    <div class="col-sm-2">8:50 to 9:00</div>
    <div class="col-sm-10"><h4 class="session">Chair's welcome to DIMVA'24</h4></div>
    <div class="col-sm-2">9:00 to 10:00</div>
    <div class="col-sm-10">
        <h4 class="session"><u>Keynote</u> Twenty-year-old Vulnerabilities are Back: Firmware Security in the Era of "Smart" Devices, Andrea Continella (University of Twente)</h4>
        <div class="row">
            <div class="col-sm-2">
                <img src="andrea.jpg" alt="" class="img-fluid">
            </div>
            <div class="col-sm-10">
                <p>Abstract: Embedded devices have become ubiquitous. While they automate and simplify many aspects of users' lives, industrial processes, and critical infrastructures, the firmware running on these devices often presents severe (despite well-known for decades) vulnerabilities. Unfortunately, firmware is heavily hardware-dependent and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. In this talk, I will discuss the challenges of applying traditional security analysis and testing methods in the firmware domain, and I will present an overview of the techniques and tools developed for the automated discovery and mitigation of security vulnerabilities in embedded devices. Finally, I will show the results of current research, draw conclusions on the state of security of embedded firmware and the limitations of existing approaches, and highlight directions for future research.<br/><br/>

                Bio: Andrea is an Associate Professor at the University of Twente where he leads the cybersecurity team of the Semantics, Cybersecurity & Services group. His research focuses on several aspects of systems security, such as malware and threat analysis, mobile security, or software security.
                </p>
            </div>
        </div>
    </div>
    <div class="col-sm-2">10:00 to 10:30</div>
    <div class="col-sm-10"><h4>Coffee break</h4></div>
    <div class="col-sm-2">10:30 to 12:30</div>
    <div class="col-sm-10">
        <h4 class="session">Session 1: Vulnerability Detection and Defense (chair: Sven Dietrich)</h4>

        <p><b>Exceptional Interprocedural Control Flow Graphs for x86-64 Binaries</b>
        by Joshua Bockenek (Virginia Tech), Freek Verbeek (Open University of The Netherlands and Virginia Tech), and Binoy Ravindran (Virginia Tech)</p>

        <p><b>S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More</b>
        by Ruizhe Wang (University of Waterloo), Meng Xu (University of Waterloo), and N. Asokan (University of Waterloo)</p>

        <p><b>Acoustic Side-Channel Attacks on a Computer Mouse</b>
        by Gabriele Orazi (University of Padua), Marin Duroyon (Delft University of Technology), Mauro Conti (University of Padua), and Gene Tsudik (UCI)</p>

        <p><b>Modularized Directed Greybox Fuzzing for Binaries over Multiple CPU Architectures</b>
        by Sofiane Benahmed (Security Research Centre, Concordia University, Montreal, QC, Canada), Abdullah Qasem (Security Research Centre, Concordia University, Montreal, QC, Canada), Anis Lounis (Security Research Centre, Concordia University, Montreal, QC, Canada), and Mourad Debbabi (Security Research Centre, Concordia University, Quebec, Canada)</p>

        <p><b>Using Semgrep OSS to Find OWASP Top 10 Weaknesses in PHP Applications: A Case Study</b> (no onsite talk)
        by Lukas Kree (Fraunhofer FKIE), René Helmke (Fraunhofer FKIE), and Eugen Winter (Fraunhofer FKIE)</p>
        </div>
    <div class="col-sm-2">12:30 to 14:00</div>
    <div class="col-sm-10"><h4>Lunch</h4></div>
    <div class="col-sm-2">14:00 to 16:00</div>
    <div class="col-sm-10">
        <h4 class="session">Session 2: Malware and Threats (chair: Stijn Volckaert)</h4>

        <p><b>Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks</b> (no onsite talk)
        by Mohammad Ali Tofighi (Florida International University), Behzad Ousat (Florida International University), Javad Zandi (Florida International University), Esteban Schafir (Florida International University), and Amin Kharraz (Florida International University)</p>

        <p><b>Tarallo: Evading Behavioral Malware Detectors in the Problem Space</b>
        by Gabriele Digregorio (Politecnico di Milano), Salvatore Maccarrone (Politecnico di Milano), Mario D'Onghia (Politecnico di Milano), Luigi Gallo (Cyber Security Lab, Telecom Italia), Michele Carminati (Politecnico di Milano), Mario Polino (Politecnico di Milano), and Stefano Zanero (Politecnico di Milano)</p>

        <p><b>Evading Userland API Hooking, Again: Novel Attacks and a Principled Defense Method</b>
        by Cristian Assaiante (Sapienza University of Rome), Simone Nicchi (Sapienza University of Rome), Daniele Cono D'Elia (Sapienza University of Rome), Leonardo Querzoni (Sapienza University of Rome)</p>

        <p><b>Extended Abstract: Evading Packing Detection:Breaking Heuristic-Based Static Detectors</b>
        by Alexandre D'Hondt (UCLouvain), Charles-Henry Bertrand Van Ouytsel (UCLouvain), and Axel Legay (UCLouvain)</p>

        <p><b>Listening between the Bits: Privacy Leaks in Audio fingerprints</b>
        by Moritz Pfister (TU Braunschweig), Robert Michael (TU Braunschweig), Max Boll (TU Braunschweig), Konrad Rieck (TU Berlin), and Daniel Arp (TU Berlin)</p>
    </div>
    <div class="col-sm-2">16:00 to 16:30</div>
    <div class="col-sm-10"><h4>Coffee break</h4></div>
    <div class="col-sm-2">16:30 to 18:30</div>
    <div class="col-sm-10">
        <h4 class="session">Session 3: Mobile and Web Application Security (Marcel Busch)</h4>

        <p><b>Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners</b>
        by Sebastian Neef (TU Berlin) and Maath Oudeh (TU Berlin)</p>

        <p><b>SandPuppy: Deep-state fuzzing guided by automatic detection of state-representative variables</b>
        by Vivin Paliath (Arizona State University), Erik Trickel (Arizona State University), Tiffany Bao (Arizona State University), Ruoyu ""Fish"" Wang (Arizona State University), Adam Doupe (Arizona State University), and Yan Shoshitaishvili (Arizona State University)</p>

        <p><b>Extended Abstract: Tracking Manifests - Persistent Identifiers in Progressive Web Apps</b>
        by  Dolière Francis Somé (Stanford University)</p>

        <p><b>PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location</b>
        by Michele Marazzi (ETH Zurich), Patrick Jattke (ETH Zurich), Jason Zibung (ETH Zurich), and Kaveh Razavi (ETH Zurich)</p>

        <p><b>Knocking on Admin's Door: Protecting Critical Web Applications with Deception</b>
        by Billy Tsouvalas (Stony Brook University) and Nick Nikiforakis (Stony Brook University)</p>
    </div>
    <div class="col-sm-2">18:30 to 21:00</div>
    <div class="col-sm-10">
        <h4 class="session">Poster Session and Social BBQ (BC terrasse, 4th floor)</h4>
        After the technical sessions we'll slowly ease into the poster session to discuss great ongoing research along a social BBQ.<br/><br/>
    </div>
</div>


<h3>Friday, July 19: Day 2, in <a href="https://plan.epfl.ch/?room==BC%2005">BC05/06</a></h3>
<div class="row margin-b-30">
    <div class="col-sm-2">9:00 to 10:00</div>
    <div class="col-sm-10">
        <h4 class="session"><u>Keynote</u> Wireless Physical-Layer Sensing: The Good, The Bad, and The Ugly, Veelasha Moonsamy (Ruhr University Bochum)</h4>
        <div class="row">
            <div class="col-sm-2">
                <img src="veelasha.jpg" alt="(c) CASA, Martin Steffen" class="img-fluid">
            </div>
            <div class="col-sm-10">
                <div class="col-sm-10">
                    <p>Abstract: Wireless radio channels are known to contain sensitive information about the surrounding propagation environment, which can be extracted using well-established wireless sensing methods. Thus, today's ubiquitous wireless devices (e.g., IoT) are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers can obtain estimations of wireless channels, which then give away sensitive information about indoor environments. For instance, adversaries can infer human motion from wireless channel observations, therefore, allowing them to remotely monitor premises of victims. In this talk, I will present our recent works, which leverage the technology of intelligent reflecting surfaces and demonstrate how it can be used by both attackers and defenders in the wireless realm. <br/><br/>
    
                    Bio: Veelasha Moonsamy is a Professor in the Faculty of Computer Science at Ruhr University Bochum (Germany), where she leads the Chair for Security and Privacy of Ubiquitous Systems. She is also a member of the Horst Goertz Institute for IT Security and a Principal Investigator in the Excellence Cluster CASA. Her research interests include for IoT/mobile/embedded systems, data privacy and applications of machine learning for security and privacy. 
                    </p>
                </div>
            </div>
        </div>
    </div>
    <div class="col-sm-2">10:00 to 10:30</div>
    <div class="col-sm-10"><h4>Coffee break</h4></div>
    <div class="col-sm-2">10:30 to 12:30</div>
    <div class="col-sm-10">
        <h4 class="session">Session 4: AI for Security (Manuel Egele)</h4>

        <p><b>Approach for the Optimization of Machine Learning Models for Calculating Binary Function Similarity</b>
        by Suguru Horimoto (National Police Agency of Japan), Keane Lucas (Carnegie Mellon University), and Lujo Bauer (Carnegie Mellon University)</p>

        <p><b>Inferring Recovery Steps from Cyber Threat Intelligence Reports</b>
        by Zsolt Levente Kucsván (University of Twente), Marco Caselli (Siemens AG), Andreas Peter (Carl von Ossietzky Universität Oldenburg), and Andrea Continella (University of Twente)</p>

        <p><b>Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs</b>
        by Trevor Dunlap (North Carolina State University), John Speed Meyers (Chainguard), Brad Reaves (North Carolina State University), and William Enck (North Carolina State University)</p>

        <p><b>Extended Abstract: Assessing Language Models for Semantic Textual Similarity in Cybersecurity</b>
        by Arian Soltani (Université de Sherbrooke), DJeff Kanda Nkashama (Université de Sherbrooke), Jordan Felicien Masakuna (Université de Sherbrooke), Marc Frappier (Université de Sherbrooke), Pierre-Martin Tardif (Université de Sherbrooke), and Froduald Kabanza (Université de Sherbrooke)</p>

        <p><b>Extended Abstract: A Transfer Learning-based Training Approach for DGA Classification</b>
        by Arthur Drichel (RWTH Aachen University), Benedikt von Querfurth (RWTH Aachen University), and Ulrike Meyer (RWTH Aachen University)"</p>
    </div>
    <div class="col-sm-2">12:30 to 14:00</div>
    <div class="col-sm-10"><h4>Lunch</h4></div>
    <div class="col-sm-2">14:00 to 15:36</div>
    <div class="col-sm-10">
        <h4 class="session">Session 5: Hardware and Firmware Security (Stefan Brunthaler)</h4>

        <p><b>Seum Spread: Discerning Flaws in IoT Firmware Via Security-Relevant Call Sequence Semantics</b>
        by Anis Lounis (Security Research Centre, Concordia University, Montreal, QC, Canada), Anthony Andreoli (Security Research Centre, Concordia University, Montreal, QC, Canada), Mourad Debbabi (Security Research Centre, Concordia University, Montreal, QC, Canada), and Aiman Hanna (Security Research Centre, Concordia University, Montreal, QC, Canada)</p>

        <p><b>Gluezilla: Efficient and Scalable Software to Hardware Binding using Rowhammer</b>
        by Ruben Mechelinck (imec-DistriNet, KU Leuven), Daniel Dorfmeister (Software Competence Center Hagenberg), Bernhard Fischer (Software Competence Center Hagenberg), Stijn Volckaert (imec-DistriNet, KU Leuven), and Stefan Brunthaler (μCSRL, CODE Research Institute, University of the Bundeswehr Munich)</p>

        <p><b>SmmPack: Obfuscation for SMM Modules</b>
        by Kazuki Matsuo (Waseda University), Satoshi Tanda (Satoshi's System Programming Lab), Yuhei Kawakoya (NTT Security Japan KK), Kuniyasu Suzaki (Institute of Information Security), and Tatsuya Mori (Waseda University/NICT/RIKEN AIP)</p>

        <p><b>Presshammer: Rowhammer and Rowpress without Physical Address Information</b>
        by Jonas Juffinger (Graz University of Technology), Sudheendra Raghav Neela (Graz University of Technology), Martin Heckel (Hof Univeristy, University of Applied Sciences), Lukas Schwarz (Graz University of Technology), Florian Adamsky (Hof University of Applied Sciences, Institute of Information Systems (iisys)), and Daniel Gruss (Graz University of Technology)</p>
    </div>
    <div class="col-sm-2">15:36 to 16:00</div>
    <div class="col-sm-10"><h4>Coffee break</h4></div>
    <div class="col-sm-2">16:00 to 17:36</div>
    <div class="col-sm-10">
        <h4 class="session">Session 6: Cyber Physical Systems and IoT (Daniel Gruss)</h4>

        <p><b>SecMonS: A Security Monitoring Framework for IEC 61850 Substations Based on Configuration Files and Logs</b>
        by Onur Duman (Concordia University), Mengyuan Zhang (Vrije Universiteit), Lingyu Wang (Concordia University), and Mourad Debbabi (Concordia university)</p>

        <p><b>FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids</b>
        by Emad Efatinasab (University of Padua), Francesco Marchiori (University of Padua), Alessandro Brighente (University of Padua), Mirco Rampazzo (University of Padua), and Mauro Conti (University of Padua & Delft University of Technology)</p>

        <p><b>Wireless Modulation Identification: filling the gap in IoT networks security audit</b>
        by Florent Galtier (LAAS-CNRS), Guillaume Auriol (LAAS-CNRS), Vincent Nicomette (LAAS-CNRS), Paul L. R. Olivier (LAAS-CNRS), Romain Cayre (EURECOM), and Mohamed Kaâniche (CNRS, LAAS)</p>

        <p><b>Extended Abstract: Assessing GNSS Vulnerabilities in Smart Grids</b>
        by Sine Canbolat (Karlsruhe Institute of Technology (KIT)), Clemens Fruböse (Karlsruhe Institute of Technology (KIT)), Ghada Elbez (Karlsruhe Institute of Technology (KIT)), and Veit Hagenmeyer (Karlsruhe Institute of Technology (KIT))</p>
    </div>
    <div class="col-sm-2">17:36 to 17:40</div>
    <div class="col-sm-10">
        <h4 class="session">Closing notes and good bye</h4>
    </div>
</div>

</div></section>

<hr>

<section id="registration">
<div class="container">
<br/><h2>Registration</h2>
The registration was open with an early bird price of 290.- CHF (until June 21) and regular price of 340.- CHF afterwards.
The registration is now closed.
Reach out to <a href="mailto:mathias.payer@epfl.ch">mathias.payer@epfl.ch</a> if you have questions.
</div>
</section>

<hr>

<section id="cfposter">
<div class="container">
<br/><h2>Call for Posters</h2>
<h3>Important Dates (AoE)</h3>
<ul>
    <li>Submission: up to Jun 21, 2024 (extended to encourage authors to submit posters)</li>
    <li>Notification: from Jun 19, 2024 on until the deadline</li>
</ul>
High quality posters enable discussion of recent research results, deep interactions with interested attendees, a peek into ongoing work, and presentation of new crazy ideas.
DIMVA welcomes the submission of posters on preliminary findings, ongoing work, or recently published work. Posters will be presented in a forum where attendees can mingle and interact.

Poster submissions contain an extended abstract of up to two pages in the DIMVA paper submission format along with a draft of the poster.
If the poster refers to a published paper, it must be referenced. The poster submission is now closed.
At the conference, we will provide posters stands. Attendees can bring their printed posters up to size A0.
</div>
</section>

<hr>

<section id="cfp">
<div class="container">
<br/><h2>Call for Papers</h2>
<h3>Important Dates (AoE)</h3>
<ul>
    <li>Cycle 1:
        <ul>
            <li>Submission: <s>Dec 6, 2023</s> Dec 19, 2023 (extended)</li>
            <li>Notification (accept/reject/revision):<s>Jan 24, 2024</s> Feb 2, 2024</li>
        </ul>
    </li>
    <li>Cycle 2:
    <ul>
        <li>Submission: <s>Feb 14, 2024</s> Feb 21, 2024 (extended)</li>
        <li>Notification (accept/reject): <s>Apr 4, 2024</s> Apr 8, 2024</li>
    </ul>
    </li>
    <li>Camera ready deadline: <s>Apr 17, 2024</s> May 01, 2024</li>
    <li>Conference: July 17 to 19, 2024</li>
</ul>

<h3>General Information</h3>

<p>The annual DIMVA conference serves as a premier forum for advancing the state of the art in the broader areas of intrusion detection, malware analysis, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security – Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI). The conference proceedings will appear in the Springer Lecture Notes in Computer Science (LNCS) series.</p>

<h3>Topics of Interest</h3>

<p>DIMVA solicits submissions of high-quality, original scientific papers presenting novel research on malware analysis, intrusion detection, vulnerability assessment, and related systems security topics.</p>

<p><b>Special topic: Generative AI.</b> We encourage submissions about security issues of generative AI to solve intrusion, malware, or vulnerability detection related challenges; or security of generative AI applications. Submissions in this special topic will be reviewed with the same criteria as any other submission.</p>

<p>Topics of interest include, but are not limited to:<br/>

<h4>Intrusions</h4>
<ul>
<li>Novel approaches and domains</li>
<li>Insider detection</li>
<li>Prevention and response</li>
<li>Data leakage, exfiltration, and poisoning</li>
<li>Result correlation and cooperation</li>
<li>Evasion and other attacks</li>
<li>Potentials and limitation</li>
<li>Operational experiences</li>
<li>Privacy, legal, and social aspects</li>
<li>Targeted attacks</li>
<li>Analysis or detection of cryptocurrency heists</li>
</ul>

<h4>Malware</h4>
<ul>
<li>Automated analyses</li>
<li>Behavioral models</li>
<li>Prevention and containment</li>
<li>Classification</li>
<li>Lineage</li>
<li>Forensics and recovery</li>
<li>Underground economy</li>
<li>Vulnerabilities in malware</li>
<li>Financially targeted malware (e.g., ransomware, DeFi)</li>
</ul>

<h4>Vulnerability detection</h4>
<ul>
<li>Vulnerability prevention</li>
<li>Vulnerability analysis</li>
<li>Exploitation and defenses</li>
<li>Hardware vulnerabilities</li>
<li>Situational awareness</li>
<li>Active probing</li>
<li>Vulnerabilities in decentralized systems</li>
</ul>
</p>

<p>Papers will be judged on novelty, significance, correctness, and clarity. We expect all papers to provide enough details to enable reproducibility of the experimental results. We encourage papers that bridge research in different communities. We also welcome experience papers that clearly articulate lessons learnt.</p>

<h3>Types of Submissions Solicited</h3>

<p>We invite submissions of two types:</p>
<p><b>Full Paper:</b> presenting novel and mature research results. Full papers are limited to 20 pages in Springer LNCS format, including bibliography and appendices.</p>
<p><b>Short Paper:</b> presenting original, still ongoing work that has not yet reached the maturity required for a full paper. Short papers are limited to 10 pages in Springer LNCS format, including bibliography and appendices. Short papers will be included in the proceedings. The title of short papers must start with the words “Extended Abstract”.</p>
<p>Papers that do not follow the above formatting guidelines may be rejected without review.</p>

<h3>Submission Guidelines</h3>

<p>DIMVA 2024 will adopt a double-blind reviewing process. All submissions should be appropriately anonymized. Author names and affiliations must be excluded from the paper. Furthermore, authors should avoid obvious self-references, and should cite their own previous work in third person, whenever necessary. Papers that are not properly anonymized risk being rejected without review.</p>
<p>Submissions must be original work and may not be under submission to another venue at the time of review. At least one author of each accepted paper is required to physically present the submitted work at the conference, for the paper to be included in the proceedings.</p>
<p>Authors are encouraged to submit code appropriately anonymized, using, e.g., <a href="https://anonymous.4open.science/">https://anonymous.4open.science/</a>.</p>
<p>Papers can be submitted using <a href="https://dimva2024.hotcrp.com/">https://dimva2024.hotcrp.com/</a>.</p>

<h3>Ethical considerations</h3>

<p>Submissions that report experiments with data gathered from human subjects should disclose whether the research received approval from an institutional ethics review board (IRB), if applicable, and what measures were adopted to minimize risks to privacy.</p>
<p>Submissions that describe experiments related to vulnerabilities in software or systems should discuss the steps taken to avoid negatively affecting any third-parties (e.g., in case of probing of network devices), and how the authors plan to responsibly disclose the vulnerabilities to the appropriate software or system vendors or owners before publication.</p>
<p>If you have any questions, please contact the program chairs at <a href="mailto:pc-chairs@dimva.org:">pc-chairs@dimva.org</a>.</p>
</div>
</section>

<hr/>

<section id="committee">
<div class="container">
<br>
<h2>Committee</h2>

<h4>Program co-chairs (email: <a href="mailto:pc-chairs@dimva.org">pc-chairs@dimva.org</a>)</h4>
<ul>
	<li><a href="https://maggi.cc/">Federico Maggi</a> (AWS)</li>
    <li><a href="https://megele.io/">Manuel Egele</a> (Boston University)</li>
</ul>

<h4>Program committee</h4>
<ul>
    <li>Andrea Lanzi, University of Milan</li>
    <li>Sven Dietrich, City University of New York</li>
    <li>Seungwon Shin, KAIST</li>
    <li>Mario Polino, Politecnico di Milano </li>
    <li>Daniele Cono D'Elia, Sapienza University of Rome</li>
    <li>Stefano Zanero, Politecnico di Milano</li>
    <li>Sébastien Bardin, CEA List</li>
    <li>Tapti Palit Purdue, University</li>
    <li>Deborah Shands SRI, International</li>
    <li>Roland Yap, National University of Singapore</li>
    <li>Michael Schwarz, CISPA Helmholtz Center for Information Security</li>
    <li>Konrad Rieck, TU Berlin</li>
    <li>Gianluca Stringhini, Boston University</li>
    <li>Andrea Continella, University of Twente</li>
    <li>Yinzhi Cao Johns, Hopkins University</li>
    <li>Marco Cova, VMware</li>
    <li>Alexios Voulimeneas, TU Delft</li>
    <li>Shirin Nilizadeh, The University of Texas at Arlington</li>
    <li>Michalis Polychronakis, Stony Brook University</li>
    <li>Bo Feng, Zhejiang University</li>
    <li>Anita Nikolich, UIUC</li>
    <li>Vasileios Kemerlis, Brown University</li>
    <li>Hervé Debar, Télécom SudParis</li>
    <li>Daniele Antonioli, EURECOM</li>
    <li>Andrea Mambretti, IBM Research Europe - Zurich</li>
    <li>Fabio Pierazzi, King's College London</li>
    <li>Michele Carminati, Politecnico di Milano</li>
    <li>Nick Nikiforakis, Stony Brook University</li>
    <li>Aravind Machiry, Purdue University</li>
    <li>Flavio Toffalini, EPFL</li>
    <li>Marcel Busch, EPFL</li>
    <li>Nils Ole Tippenhauer CISPA</li>
    <li>Johannes Kinder, Ludwig-Maximilians-Universität München (LMU Munich)</li>
    <li>Sevtap Duman Ege, University</li>
    <li>Veelasha Moonsamy, Ruhr University Bochum</li>
    <li>Feng Xiao Georgia, Institute of Technology</li>
    <li>R Sekar, Stony Brook University</li>
    <li>Christof Ferreira Torres, ETH Zürich</li>
    <li>Stefano Longari, Politecnico di Milano</li>
    <li>Dario Stabili, Alma Mater Studiorum - University of Bologna</li>
    <li>Michael Meier, University of Bonn / Fraunhofer FKIE</li>
    <li>Kevin Borgolte Ruhr University Bochum</li>
    <li>Jeremiah Onaolapo, University of Vermont</li>
    <li>Moritz Lipp, Amazon Web Services</li>
    <li>Christophe Hauser, Dartmouth College</li>
    <li>Lilika Markatou, TU Delft</li>
    <li>Bo Feng, Zhejiang University</li>
</ul>

<h4>Publication chair</h4>
<ul>
    <li>Michele Carminati</li>
</ul>

<h4>Poster chair</h4>
<ul>
    <li><a href="https://flaviotoffalini.info/">Flavio Toffalini</a></li>
</ul>

<h4>General chair</h4>
<ul>
    <li><a href="https://nebelwelt.net/">Mathias Payer</a> (EPFL)</li>
</ul>

<h4>Steering committee</h4>
<ul>
    <li>Ulrich Flegel (co-chair)</li>
    <li>Michael Meier (co-chair)</li>
    <li>Magnus Almgren</li>
    <li>Sébastien Bardin</li>
    <li>Leyla Bilge</li>
    <li>Gregory Blanc</li>
    <li>Herbert Bos</li>
    <li>Danilo M. Bruschi</li>
    <li>Roland Bueschkes</li>
    <li>Juan Caballero</li>
    <li>Lorenzo Cavallaro</li>
    <li>Hervé Debar</li>
    <li>Sven Dietrich</li>
    <li>Mathias Fischer</li>
    <li>Giorgio Giacinto</li>
    <li>Cristiano Giuffrida</li>
    <li>Daniel Gruss</li>
    <li>Bernhard Haemmerli</li>
    <li>Thorsten Holz</li>
    <li>Marko Jahnke</li>
    <li>Klaus Julisch</li>
    <li>Christian Kreibich</li>
    <li>Christopher Kruegel</li>
    <li>Pavel Laskov</li>
    <li>Federico Maggi</li>
    <li>Clémentine Maurice</li>
    <li>Nuno Neves</li>
    <li>Roberto Perdisci</li>
    <li>Michalis Polychronakis</li>
    <li>Konrad Rieck</li>
    <li>Jean-Pierre Seifert</li>
    <li>Robin Sommer</li>
    <li>Urko Zurutuza</li>
</ul>
</div>
</section>

<hr>


<section id="venue">
<div class="container">
<br/><h2>Venue: EPFL</h2>

<img src="epfl.jpg" width="100%" alt="EPFL aerial view by Jamani Caillet"/>
<br/><br/>
<p>DIMVA will be held in <a href="https://plan.epfl.ch/?room==BC%2005">BC05/06</a> on the EPFL campus.
You can reach EPFL via the M1 metro line from "Lausanne Flon" or by bus.
The best public transport stops are "Ecublens VD, EPFL" on the M1 metro, "St-Sulpice VD, Parc Scient." on bus 701 or, closest to the venue, "Ecublens VD, EPFL/Colladon" on bus 1.
Check the <a href="https://www.sbb.ch/en/">SBB website</a> for schedules or download their mobile app.
If needed, you can buy train/public transport tickets on the SBB app.</p>
<p>Hotels in Lausanne provide a free transit card at the reception desk for travel in and around the city.
With your printed reservation, you may travel from Lausanne train station to your hotel on public transport for check-in.
We highly recommend taking public transport.</p>
<p>We have contacted three hotels with reserved room blocks that will give you the EPFL internal rate when booking with the code "DIMVA2024".
Please contact the hotel directly to make your reservation.</p>
<div class="row">
    <div class="col-sm"><a href="https://reservations.starling-hotel-lausanne.com/73897?groupID=4081287&hotelID=73897#/guestsandrooms"><img src="starling.jpg" width="80%"/><br/><br/>
        <b>Starling Hotel Lausanne ***</b></a><br/>
        Email: <a href="mailto:s.mesnil@shlausanne.ch">s.mesnil@shlausanne.ch</a><br/>
        Phone: +41(0)21/694.85.92<br/>
        Price: 170.-/night (single), 205.- (double)<br/>
        Taxes: 3.50, breakfast included
    </div>
    <div class="col-sm"><a href="https://www.swisstech-hotel.com/"><img src="swisstech.jpg" width="80%"/><br/><br/>
        <b>SwissTech Hotel **</b></a><br/>
        Email: <a href="mailto:reception@sthotel.ch">reception@sthotel.ch</a><br/>
        Phone: +41(0)21/694.06.10<br/>
        Price: 130.-/night (single)<br/>
        Taxes: 5.50, breakfast 16.-<br/>
        Use code "DIMVA2024"
    </div>
    <div class="col-sm"><a href="https://all.accor.com/hotel/6772/index.en.shtml"><img src="ibis.jpg" width="80%"/><br/><br/>
        <b>IBIS Lausanne Centre **</b></a><br/>
        Email: <a href="mailto:H6772-AM@accor.com">H6772-AM@accor.com</a><br/>
        Phone: +41(0)21/340.07.01<br/>
        Price: 170.-/night (single)<br/>
        Taxes: 5.50, breakfast included.<br/>
        Use code "DIMVA2024"
    </div>
</div>
</div>

</section>

<hr>
    
<section id="sponsors">
<div class="container">
<h2>Sponsors</h2><br/>
<div class="row">
    <div class="col-sm"><a href="https://bugscale.ch/"><img src="bugscale.png" width="30%"/></a>
    </div>
    <div class="col-sm"><a href="https://www.orangecyberdefense.com/ch/"><img src="orange_cyberdefense.png" width="70%"/></a>
    </div>
    <div class="col-sm"><a href="https://www.springer.com/"><img src="springer.png" width="70%"/></a>
    </div>
</div>

</div>
</section>

</main>
</body>
</html>