Submit a Paper

The Fourth International Conference on Internet Monitoring and Protection

ICIMP 2009

May 24-28, 2009 - Venice/Mestre, Italy


Call for Papers

The International Conference on Internet Monitoring and Protection (ICIMP 2009) initiates a series of special events targeting security, performance, vulnerabilities in Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons learnt in protecting the user.

The design, implementation and deployment of large distributed systems are subject to conflicting or missing requirements leading to visible and/or hidden vulnerabilities. Vulnerability specification patterns and vulnerability assessment tools are used for discovering, predicting and/or bypassing known vulnerabilities. 

Vulnerability self-assessment software tools have been developed to capture and report critical vulnerabilities. Some of vulnerabilities are fixed via patches, other are simply reported, while others are self-fixed by the system itself. Despite the advances in the last years, protocol vulnerabilities, domain-specific vulnerabilities and detection of critical vulnerabilities rely on the art and experience of the operators;  sometimes this is fruit of hazard discovery and difficult to be reproduced and repaired.

System diagnosis represent a series of pre-deployment or post-deployment activities to identify feature interactions, service interactions, behavior that is not captured by the specifications, or abnormal behavior with respect to system specification.  As systems grow in complexity, the need for reliable testing and diagnosis grows accordingly. The design of complex systems has been facilitated by CAD/CAE tools. Unfortunately, test engineering tools have not kept pace with design tools, and test engineers are having difficulty developing reliable procedures to satisfy the test requirements of modern systems.  Therefore, rather than maintaining a single candidate system diagnosis, or a small set of possible diagnoses, anticipative and proactive mechanisms have been developed and experimented. In dealing with system diagnosis data overload is a generic and tremendously difficult problem that has only grown. Cognitive system diagnosis methods have been proposed to cope with volume and complexity.

Attacks against private and public networks have had a significant spreading in the last years. With simple or sophisticated behavior, the attacks tend to damage user confidence, cause huge privacy violations and enormous economic losses.

The CYBER-FRAUD track focuses on specific aspects related to attacks and counterattacks, public information, privacy and safety on cyber-attacks information.  It also targets secure mechanisms to record, retrieve, share, interpret, prevent and post-analyze of cyber-crime attacks.

Current practice for engineering carrier grade IP networks suggests n-redundancy schema. From the operational perspective, complications are involved with multiple n-box PoP. It is not guaranteed that this n-redundancy provides the desired 99.999% uptime. Two complementary solutions promote (i) high availability, which enables network-wide protection by providing fast recovery from faults that may occur in any part of the network, and (ii) non-stop routing. Theory on robustness stays behind the attempts for improving system reliability with regard to emergency services and containing the damage through disaster prevention, diagnosis and recovery.

Highly reliable emergency communications are required by public safety and disaster relief agencies to perform recovery operations or associated with disasters or serious network events. Future advanced network development and evolution should take into consideration these requirements through solutions:

  • Identification of suitable technologies, i.e., narrowband and broadband aspects,
  • Interoperability and interworking between emergency communications capabilities and public networks,
  • Preferential access to communications resources capabilities, applications, and facilities,
  • Preferential use of remaining operational resources.

We solicit both academic, research, and industrial contributions. ICIMP 2009 will offer tutorials, plenary sessions, and panel sessions. The ICIMP 2009 Proceedings will be published by Conference Publishing Services and posted on Xplore IEEE system. A best paper award will be granted by the IARIA’s award selection committee. The Advisory Committee will periodically report special events relating to our community.

The conference has the following specialized events:

TRASI: Internet traffic surveillance and interception

IPERF: Internet performance      

RTSEC: Security for Internet-based real-time systems

DISAS:  Disaster prevention and recovery

EMERG: Networks and applications emergency services 

MONIT: End-to-end sampling, measurement, and monitoring

REPORT: Experiences & lessons learnt in securing networks and applications

USSAF: User safety, privacy, and protection over Internet

SYVUL: Systems vulnerabilities

SYDIA: Systems diagnosis

CYBER-FRAUD: Cyber fraud

BUSINESS: Business continuity

RISK: Risk assessment

TRUST: Privacy and trust in pervasive communications   

RIGHT: Digital rights management

BIOTEC: Biometric techniques

EMDRM: Enterprise & Media DRM

We welcome technical papers presenting research and practical results, position papers addressing the pros and cons of specific proposals, such as those being discussed in the standard fora or in industry consortia, survey papers addressing the key problems and solutions on any of the above topics short papers on work in progress, and panel proposals.

The topics suggested by the conference can be discussed in term of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal in the following, but not limited to, topic areas.  All tracks are open to both research and industry contributions.

TRASI: Internet traffic surveillance and interception

Methods and context to classify legal and illegal traffic
Methods and procedure to classify wanted and undesired traffic
Overloads, attacks, and failures
Detection of attacks via protocols and applications
Undesired traffic evaluation
Traffic identification caused by malicious code (spam, virii, and worms, etc.)
Traffic profile during disaster recovery,
Traffic during active emergency services
Early warning on growing undesired traffic
Access control and audit detection points
Denial of service
Spoofing
Lawful interception
Multi-modal undesired traffic detection
Measurements and data mining correlation
Countermeasures on undesired traffic

IPERF: Internet performance

Performance-oriented design
Active and passive performance monitoring
Performance metrics and measurements
Measurement-based performance evaluation in Internet
System measurement and monitoring
Performance model verification and validation
Stochastic modeling (queues,  Petri nets, etc.)
Statistical performance
Performance of Internet routing
Performance optimization
Internet performance prediction
Internet performance evaluation studies
Internet performance testbeds
Performance evaluation of Web search engines
Performance evaluation of P2P systems

RTSEC: Security for real-time systems

Security and availability of Web Services
Security/Performance trade-off
Distributed systems security           
Language-based security  
Formalisms for security and protocol verification
Performance on firewall protected real-time systems
Security management in real-time systems
Metrics and techniques for security risk assessment
Internet monitoring and response security service
Protecting emergency communications from misuse and exploitation
Maintaining security in the face of disaster
Intrusion prevention and detection systems
Secure networks from web-based threats

DISAS:  Disaster prevention and recovery   

Survivable networks on chips
Intrusion detection and defense
Alerting systems based on outstanding network events
Recovery methods in various networks
Disaster diagnosis and continuity plans
Fighting mechanisms for disaster of networks and applications
Global positioning systems
Vehicle localization and navigation systems
Disaster relief agencies to perform recovery operations
Survivability-driven defense and do-it-yourself disaster recovery
Security during disaster recovery
Budgeting disaster recovery
Networks emergency services
Reliable emergency communications and applications
Response to the networks emergency services
Disaster prevention and recovery
Fighting mechanisms for disaster of networks and applications
Networks resiliency methods
Recovery in various networks
Theory on robust networks
Customer protection and serviceability perception
Cost models and business impact
Cultural and legal aspects
Future advanced network development and evolution
Standards and guidelines
Lawful interception and defense strategies
Security issues with emergency services and disaster recovery

EMERG: Networks and applications emergency services 

Survivability architecture for e-commerce
Emergency and non-emergency services,
Emergency coverage and intermittent services
PSAPs and emergency services
Future 911 PSAP message interfaces
Reliable emergency communications
Next generation of emergency communications
Response to the networks emergency services
Voice emergency notification services

MONIT: End-to-end sampling, measurement, and monitoring                     

Internet monitoring techniques and procedures
Monitoring tools, functions, and metrics
Combining, filtering, and reporting monitoring metrics
Theory and practice on sampling/inversion problem (accuracy, complexity, etc.)
Distributed and adaptive sampling techniques
Sampling & inverting traffic with passive and active systems
Internet end-to-end measurements from a sampling perspective
Impact of sampling on anomaly detection
Mechanisms for sampling the Internet traffic or collected traces
On-line and off-line metrics and measurements
Incident estimation and monitoring
Internet access monitoring                          
Spy software
Internet monitoring, filtering and blocking software
Monitoring Internet traffic to optimize network bandwidth
Remote monitoring

REPORT: Experiences & lessons learnt in securing networks and applications

Platforms for electronic distribution of plane tickets
Platforms for electronic distribution of hotel booking
Data accuracy
E-trade strengths and weaknesses
Malicious spyware
Blocking without quarantining the systems/networks
Out-of-band intrusion prevention
Antivirus e-mail gateways software
Security and vulnerability engineering

USSAF: User safety, privacy and protection over Internet

Countermeasures on fraud prevention
Trust, trust estimators, and trust mitigation in public e-business
Customer protection and serviceability perception
Privacy impacts of emergency presence services
Authentication/authorization
Biometric methodologies and ID Cards
Security on hardware and smart cards
Identity management
Automated security analysis
Electronic Privacy
Anonymity and pseudo-anonymity
Security compliance
Public safety, Instance messages
Presence protocols
Priority user service

SYVUL: Systems vulnerabilities

Vulnerability specification languages
System vulnerability assessment
Formal methods for safety-critical systems
Prediction capabilities of vulnerability discovery models
Highly vulnerable systems
Critical vulnerabilities
Errors and configurations leading to vulnerabilities
Incident reports and handling
Networks resiliency methods
Capacity planning for resilience and emergency
Operational resilience
Theory of disaster-tolerant systems
Web service vulnerability
Protocol vulnerability
Vulnerabilities in database systems
Vulnerability in control systems
Vulnerability analysis and. requirements for the security
Vulnerabilities by self-managed sensors
Recovery by disruption resource procedures
Common vulnerability scoring systems
Cost models and vulnerability business impact

SYDIA: Systems diagnosis

Diagnosis platforms
Diagnosis policy language
Diagnosis event formats
Process algebras for systems diagnosis
Probabilistic diagnosis of multiprocessor systems
Self-diagnosis in distributed systems
Cognitive system diagnosis
System diagnosis using propagation models
Technical intuition in systems diagnosis
Managing conflicts in systems diagnosis
Hybrid systems diagnosis
Diagnosis tools
End-to-end diagnosis
Remote system diagnosis
Diagnosis licensing
Real-time symptom detection and fixing actions
Forensic/real-time/anticipative diagnosis
Diagnosing mobility-oriented systems
Diagnosis of discrete event systems
Diagnosis of complex dynamical systems

CYBER-FRAUD: Cyber fraud

Epidemiological models for warware and cyber-crime propagation
Record and retrieval of cyber-crimes
Forensic analysis
Cyber-crime prevention
Cyber-crime vulnerabilities
Cyber-counterattack at source
Distributed cyber-attacks
Orchestrated cyber-attacks
Recursion attacks
Cyber-storm attacks
Spyware and malware
Cyber-pranks, hoaxes
Phishing/Pharming and anti-phishing
Cyber-terrorism,
Online cyber-crime reporting
Accuracy and security of cyber-reports
Fighting cyber-crimes
Cyber-crime laws

BUSINESS: Business continuity
Regulatory compliance
Techniques for business continuity planning in the real world
Business contingency and resumption planning
Emotional continuity management
Semiotic engineering of online services
Emergency preparedness for industry and commerce
Updating, auditing and testing plans
Reduce downtime with continuous backup
Global connectivity and international formats
Web-based planning tools
Automatic high speed notification and response for business continuity
Centralized management
Businesses continuity planning software
On-demand business transformation

RISK: Risk assessment
Risk assessment information systems
Modeling risk assessment
Risk Assessment methods
Global risk assessment
Qualitative risk assessments
Quantitative risk assessment
Challenges in risk assessment
Risk assessment for economy
Risk assessment for security of communications systems
Safety risk assessment
Health system risk assessment
Integrated risk assessment
Planning tools for proactive risk assessment 
Risk management
Risk factors and economic impact
Risk metrics and calibration
Precaution and risk balance
Risk and economic analysis of terrorism events
Risk analysis for extreme events
Life cycle assessment in decision making
Environmental risk assessment
Credit ratings risk assessment
Risk Assessment statistics & numerical data
Risk assessment standards
Risk assessment tools and support software

TRUST: Privacy and trust in pervasive communications   
Trust development and management
Engineering requirements for trust management
Formalisms for trust specification, verification and validation
Logics for the analysis of trust and for reasoning about trust
Legal framework for online trust environments
Trust in semantic Web services
Reputation systems
Distributed trust management
Trust on anonymous documents
Privacy and trust
Trust in collaborative work and risk assessment
Risk analysis to assess user trust
Human behaviors in trusted environments
Trust in virtual communities
Trust mediation in knowledge management
Trust planning and evaluation metrics 
Trust policies
Self-adaptable trust mechanisms
Identity Management in pervasive environments (requirements, levels of abstractions, context, protection, etc.)
Assurance (compliance, assurance, audit, security requirements)

RIGHT: Digital rights management
Ontology and frameworks on digital rights management
Digital rights property languages
Semantic and encoding of digital rights
Rights granularity
Digital right technologies
Digital rights management schemes
Federated digital rights management
Distributed digital rights management
Copyright protection schemes
Digital rights management ands social norms
Faire use, innovation, and competition
Trading fair use for digital rights management
Digital rights management and open access
Privacy engineering for digital rights management
Value-centered design for digital rights management
Free software and digital rights management
P2P and digital rights management
Broadband/IPTV content protection and digital rights management
Digital right management and content licensing
Digital rights management issues in real-time and safety/mission systems
RFID tags for digital rights management
Digital rights management in learning systems
Legal policy and digital right management

BIOTEC: Biometric techniques
Models and techniques for biometric technologies
Finger, facial, iris, voice, and skin biometrics
Biometric security
Signature recognition
Multimodal biometrics
Verification and identification techniques
Accuracy of biometric technologies
Authentication smart cards and biometric metrics
Performance and assurance testing
Limitations of biometric technologies
Biometric card technologies
Biometric wireless technologies
Biometric software and hardware
Biometric standards

EMDRM: Enterprise & Media DRM
Digital Policy Management
Enterprise Rights Management (adoption and case studies)
DRM Interoperability
Operational Risk Management
Compliance and Regulatory Frameworks (SOX, Basel II, HIPPA, etc.)
Corporate Governance
Content and Knowledge Management (financial, CAD, IP, trade secrets, etc.)
Interorganizational System (IOS)
Retention Policies and Classification
Traceability, Monitoring, tracking, usage metering, audit trails

INSTRUCTION FOR THE AUTHORS

Authors of selected papers will be invited to submit extended versions to one of the IARIA Journals.

Important deadlines:

Submission (full paper) December 10 December 22, 2008
Authors notification January 25, 2009 January 31, 2009
Registration February 15, 2009
Camera ready February 20, 2009

Only .pdf or .doc files will be accepted for paper submission. All received papers will be acknowledged via an automated system.

Final author manuscripts will be 8.5" x 11", not exceeding 6 pages; max 4 extra pages allowed at additional cost. The formatting instructions can be found on the Instructions page. Helpful information for paper formatting can be found on the here.

Your paper should also comply with the additional editorial rules.

Once you receive the notification of paper acceptance, you will be provided by the Conference Publishing Services an online author kit with all the steps an author needs to follow to submit the final version. The author kits URL will be included in the letter of acceptance.

Posters

Posters are welcome. Please submit the contributions following the instructions for the regular submissions using the "Submit a Paper" button and selecting the track/workshop preference as "POSTER : Posters".  Submissions are expected to be 6-8 slide deck. Posters will not be published in the Proceedings. One poster with all the slides together should be used for discussions. Presenters will be allocated a space where they can display the slides and discuss in an informal manner. The poster slide decks will be posted on the IARIA site.

For more details, see the Posters explanation page.

Work in Progress

Work-in-progress contributions are welcome. Please submit the contributions following the instructions for the regular submissions using the "Submit a Paper" button and selecting the track/workshop preference as "WIP: Work in Progress".  Authors should submit a four-page (maximum) text manuscript in IEEE double-column format including the authors' names, affiliations, email contacts. Contributors must follow the conference deadlines, describing early research and novel skeleton ideas in the areas of the conference topics. The work will be published in the conference proceedings.

For more details, see the Work in Progress explanation page

Technical marketing/business/positioning presentations

The conference initiates a series of business, technical marketing, and positioning presentations on the same topics. Speakers must submit a 10-12 slide deck presentations with substantial notes accompanying the slides, in the .ppt format (.pdf-ed). The slide deck will not be published in the conference’s CD Proceedings. Presentations' slide decks will be posted on the IARIA's site. Please send your presentations to petre@iaria.org.

Tutorials

Tutorials provide overviews of current high interest topics. Proposals should be for three hour tutorials. Proposals must contain the title, the summary of the content, and the biography of the presenter(s). The tutorials' slide decks will be posted on the IARIA's site. Please send your proposals to petre@iaria.org

Panel proposals:

The organizers encourage scientists and industry leaders to organize dedicated panels dealing with controversial and challenging topics and paradigms. Panel moderators are asked to identify their guests and manage that their appropriate talk supports timely reach our deadlines. Moderators must specifically submit an official proposal, indicating their background, panelist names, their affiliation, the topic of the panel, as well as short biographies. The panel's slide deck will be posted on the IARIA's site.

For more information, petre@iaria.org

Workshop proposals

We welcome workshop proposals on issues complementary to the topics of this conference. Your requests should be forwarded to petre@iaria.org.

 
 

Copyright (c) 2006-2010, IARIA