| |||||||||||||||
WATeR 2013 : The First Workshop on Anti-malware Testing Research | |||||||||||||||
Link: http://secsi.polymtl.ca/water2013 | |||||||||||||||
| |||||||||||||||
Call For Papers | |||||||||||||||
-------------------------------------------------
Description: Anti malware products have become a key element of information system protection against current threats. Testing how effective these products are at protecting the end-users and their computers is therefore crucial, whether it is to improve product quality (engineering testing) or to aid users in making better decisions about their acquisition and operation (certification and comparative testing). However designing and conducting relevant anti-malware tests producing significant and accurate results is a complex problem. First of all, anti malware products must be tested not only in varying operating conditions and environment, but also against a constantly evolving threat, driven by malware creators whose goal is to make them perform poorly. Second, the evolving complexity and variety of malware, both in terms of propagation methods and ultimate uses has rendered the problem of proper testing much more difficult with time. Long gone are the days when anti-malware performance could be accurately measured by the traditional method of exposing them to a list of malware file samples containing most if not all of the known malware variants. Today, the sheer number of known malware samples, their extensive use of the Internet and the Web, and in many cases the necessity for human intervention for propagation make this approach much less applicable. On the other hand, many traditional anti malware products have in fact migrated towards dynamic protection services, with anti malware vendors constantly updating threat databases and signatures, which are being consulted on-demand by locally installed products; the so-called anti-malware “in-the-cloud” solutions. Testing the efficacy of such new types of products and services under relevant and repeatable conditions constitutes a formidable technical, operational and even economical challenge. The Anti-Malware Testing Standards Organization (AMTSO), regrouping key players from the anti-malware industry including product vendors, testers, security experts and technology publishers, fully recognizes the technical challenges posed by testing in the current context. It also acknowledges the need to re-evaluate traditional testing methods in the current context, to potentially develop new approaches to testing, while providing an open forum for discussion on these issues including the academic community, regulatory bodies and government, and groups representing the interests of end-users. To that effect, the SecSI Laboratory of École Polytechnique de Montréal, with the collaboration of AMTSO and technical co-sponsorship of IEEE Technical Society (pending approval), is organizing the First Worshop on Anti-malware Testing Research. The aim of this workshop is to bring together experts from the industry in contact with academic researchers in order to identify and define the important technical problems associated with anti-malware testing methodologies, and hopefully help establishing collaborations on potential research projects looking for solutions to these problems. ------------------------------------------------- Scope: The organizers of the workshop solicit papers discussing the technical and operational difficulties of anti-malware testing. This may include surveys and position papers, proposals for innovative approaches, quantitative analysis of testing, and field reports or research results on testing. The following is a non-exhaustive list of topics that may be covered: • Static file sample testing (“On-demand testing”) • Malware sample storage and labelling • Sample selection for static testing • Dynamic testing using malicious URL • URL samples selection • Internal testing for product improvement • User-experience evaluation and testing • Comparative testing • Remediation testing • Automated testing facilities • Testing with human subjects • Testing “in-the-cloud” anti-malware products • Measuring anti-malware vendor responsiveness (“time to protect”) • Test results interpretation and validation • Economics of anti-malware testing ------------------------------------------------- Paper Submissions: Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with publically available proceedings. Papers must be written in English. Maximum paper length will be 4-6 printed pages in IEEE 2-column style. Authors of accepted papers must register for the workshop (minimum one registration per paper) and guarantee that their papers will be presented at the conference. All papers selected for presentation at the conference will be published in the hard-copy proceedings distributed to all conference participants and will be made available on-line by IEEE Xplore (http://ieeexplore.ieee.org). All paper submissions will be handled through the Easy Chair conference management system. See instructions at (https://www.easychair.org/conferences/?conf=water2013) or at the conference Web site (http://secsi.polymtl.ca/water2013). ------------------------------------------------- Program Committee: GENERAL CHAIR José M. Fernandez, École Polytechnique de Montréal, Canada PC CHAIR Carlton Davis, École Polytechnique de Montréal, Canada PUBLICITY CHAIR Joan Calvet, École Poltyechnique de Montréal PROGRAM COMMITTEE Anthony Arrott, Trend Micro, USA Pierre-Marc Bureau, ESET Canada, Canada Matthieu Couture, Public Safety Canada, Canada Mourad Debbabi, Concordia University, Canada José M. Fernandez, École Polytechnique de Montréal, Canada Richard Ford, Florida Institute of Technology, USA Jean-Yves Marion, Université de Lorraine, France Andreas Marx, AV Test, Germany Igor Muttik, McAfee, United Kingdom Lisa Myers, Intego, USA Stephen Neville, University of Victoria, Canada Anil Somayaji, Carleton University, Canada Syrine Tlili, École supérieure des technologies et d’informatique, Tunisia Randy Vaughn, Baylor University, USA |
|