Since its inception in 1997, the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) has established itself as a venue where leading researchers and practitioners from academia, industry, and the government are given the opportunity to present novel research in a unique venue to an engaged and lively community.

The conference is known for the quality and thoroughness of the reviews of the papers submitted, the desire to build a bridge between research carried out in different communities, and the emphasis given on the need for sound experimental methods and measurement to improve the state of the art in cybersecurity.

This year we are soliciting research papers on topics covering all well-motivated computer security problems. We care about techniques that identify new real-world threats, techniques to prevent them, to detect them, to mitigate them or to assess their prevalence and their consequences. Measurement papers are encouraged, as well as papers offering public access to new tools or datasets, or experience papers that clearly articulate important lessons learned. Specific topics of interest to RAID include, but are not limited to:

• Computer, network, and cloud computing security
• Malware and unwanted software
• Program analysis and reverse engineering
• Mobile Security
• Web security and privacy
• Vulnerability analysis techniques
• Usable security and privacy
• Intrusion detection and prevention
• Hardware security
• Cyber physical systems security and threats against critical infrastructures
• IoT security
• Statistical and adversarial learning for computer security
• Cyber crime and underground economies
• Denial-of-Service attacks and defenses
• Security measurement studies
• Digital forensics

Papers will be judged on novelty, significance, correctness, and clarity. We expect all papers to provide enough detail to enable reproducibility of their experimental results. We encourage authors to make both the tools and data publicly available.

Papers

Paper submissions should be at most 11 typeset pages, excluding bibliography and well-marked appendices. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of the paper on which your work is to be evaluated or to provide details that would only be of interest to a small minority of readers. There is no limit on the length of the bibliography and appendices but reviewers are not required to read any appendices so the paper should be self-contained without them. Once accepted, papers must be reformatted to fit in 16 pages, including bibliography and any appendices.

Papers should be typeset on U.S. letter-sized pages in two-column format in 10-point Times Roman type on 12-point leading (single-spaced), in a text block 7" x 9" deep. If you wish, please make use of USENIX's LaTeX template and style files when preparing your paper for submission. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Papers can be submitted on the following web site: https://raid19.syssec.rub.de/

New this year: Proceedings by USENIX

Papers that have been formally reviewed and accepted will be presented at RAID 2019 and published in the Symposium Proceedings. By submitting a paper, you agree that at least one of the authors will attend the conference to present it. For the first time, Proceedings will be published by USENIX. The Proceedings will be available online on the opening day of the Symposium under an open access license. USENIX also allows authors to retain ownership of the copyright in their works, requesting only that USENIX be granted the right to be the first publisher of that work. See the sample consent form for the complete terms of publication.

Submission

Reviewing will be double-blind, meaning the authors’ identities will be hidden from the reviewers. All papers must be appropriately anonymized: author names or affiliations must not appear in the submission, you must refer to your own prior work in the third person, you should not give the paper a title that corresponds to a publicly available technical report, and should anonymize the bibliographic section in an appropriate manner, etc. Papers that are not properly anonymized may be rejected without review. While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc. during the review process.

All submissions will be judged on originality, relevance, correctness, and clarity. Submissions must not substantially duplicate work that has already been published elsewhere or submitted in parallel to a journal or to any other conference or workshop with proceedings. Simultaneous submission of the same work to multiple venues, submission of previously published work, and plagiarism constitute dishonesty or fraud. RAID, like other scientific and technical conferences and journals, prohibits these practices and may, on the recommendation of the program chair, take action against authors who have committed them. RAID abides with policies for plagiarism, submission confidentiality, reviewer anonymity, and prior and concurrent paper submission that mirror those of the ACM (see http://www.acm.org/publications/policies/).

Human Subjects and Ethical Considerations

Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

• 1. Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards (e.g., an IRB).
• 2. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If the submission deals with vulnerabilities (e.g., software vulnerabilities in a given program or design weaknesses in a hardware system), the authors need to discuss in detail the steps they have already taken or plan to take to address these vulnerabilities (e.g., by disclosing vulnerabilities to the vendors). The same applies if the submission deals with personally identifiable information (PII) or other kinds of sensitive data. If a paper raises significant ethical and legal concerns, it might be rejected based on these concerns.

Authors who are unsure whether their submissions might meet these guidelines, or who have specific questions about the guidelines, are welcome to contact the program committee chair at thorsten.holz@rub.de