This book constitutes the proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection, RAID 2011, held in Menlo Park, CA, USA in September 2011. The 20 papers presented were carefully reviewed and selected from 87 submissions. The papers are organized in topical sections on application security; malware; anomaly detection; Web security and social networks; and sandboxing and embedded environments.

OnbehalfoftheProgramCommittee, itisourpleasuretopresenttoyouthep- ceedings of the 4th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Each year DIMVA brings - gether internationalexperts from academia, industry andgovernmentto present and discuss novel security research. DIMVA is organized by the special interest group Security-Intrusion Detection and Response of the German Informatics Society (GI). The DIMVA 2007 Program Committee received 57 submissions from 20 d- ferentcountries. Allsubmissions werecarefullyreviewedbyProgramCommittee members and external experts according to the criteria of scienti?c novelty, - portance to the ?eld and technical quality. The ?nal selection took place at a Program Committee meeting held on March 31, 2007, at Universit a Campus Bio-Medico di Roma, Italy. Twelve full papers and two extended abstracts were selectedforpresentationatthe conferenceandpublicationin theconferencep- ceedings. The conference took place during July 12-13, 2007, at the University of Applied Sciences and Arts Lucerne (HTA Lucerne) in Switzerland. The p- gram featured both theoretical and practical research results grouped into ?ve sessions. ThekeynotespeechwasgivenbyVern Paxson, InternationalComputer Science Institute and Lawrence Berkeley National Laboratory. Another invited talk was presented by Marcelo Masera, InstitutefortheProtection and Security of the Citizen. Peter Trachsel, Deputy Head of the Federal Strategic Unit for IT in Switzerland, gave a speech during the conference dinner. The conference programfurther included a rump sessionorganizedby Sven Dietrich of Carnegie Mellon University; and it was complemented by the third instance of the Eu- pean capture-the-?ag contest CIPHER, organized by Lexi Pimenidis of RWTH Aache

Network intrusion detection systems (NIDS) continuously monitor network traffic for malicious activity, raising alerts when detecting attacks. However, high-performance Gbps networks pose major challenges for these systems, and despite vendor promises they often fail to work reliably in such environments. In this work, we set out to understand the trade-offs involved in network intrusion detection, and we mitigate their impact on operational security monitoring. We base our study on extensive experience with several large-scale network environments where immense traffic diversity requires any NIDS to deal robustly with unexpected situations. We devise new mechanisms for a popular open-source NIDS that allow the operator to trade-off the quality of the detection with the system's resource demands, and we enable the NIDS to transparently share its state across instances, thereby multiplying the available amount of resources. We also improve the precision of the NIDS's detection by enabling it to incorporate different kinds of network context into its analysis.