This book constitutes the refereed post-proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2012, held in Heraklion, Crete, Greece, in July 2012. The 10 revised full papers presented together with 4 short papers were carefully reviewed and selected from 44 submissions. The papers are organized in topical sections on malware, mobile security, secure design, and intrusion detection systems (IDS).

Effective response to misuse or abusive activity in IT systems requires the capability to detect and understand improper activity. Intrusion Detection Systems observe IT activity, record these observations in audit data, and analyze the collected audit data to detect misuse. Privacy-Respecting Intrusion Detection introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection. Also, it limits the recovery of personal data to pseudonyms involved in a detected misuse scenario. The book includes case studies demonstrating this theory, and solutions that are constructively validated by providing algorithms.

On behalf of the Program Committee, it is our pleasure to present the p- ceedings of the 6th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Since 2004, DIMVA annually brings together leading researchers and practitioners from academia, government and industry to present and discuss novel security research. DIMVA is organized by the Special Interest Group Security-Intrusion Detection and Response (SIDAR)-of the German Inf- matics Society (GI). The DIMVA 2009 Program Committee received 44 submissions from ind- trial and academic organizations from 17 di?erent countries. Each submission was carefully reviewed by at least three Program Committee members or ext- nal experts. The submissions were evaluated on the basis of scienti?c novelty, importance to the ?eld and technical quality. The ?nal selection took place at the Program Committee meeting held on March 23, 2009, in Brussels, Belgium. Ten full papers and three extended abstracts were selected for presentation and publication in the conference proceedings. TheconferencetookplaceduringJuly9-10,2009,atVillaGallia,LakeComo, Italy, with the program grouped into ?ve sessions. Two keynote speeches were presented by Richard A. Kemmerer (University of California, Santa Barbara) and HenryStern (Ironport/ Cisco).The conferenceprogramwascomplemented by the Capture-the-Flag contest CIPHER (Challenges in Informatics: Progr- ming, Hosting and ExploRing) organized by Lexi Pimenidis (iDev GmbH) and a rump session organized by Sven Dietrich (Stevens Institute of Technology). A successful conference is the result of the joint e?ort of many people. In particular, we would like to thank all the authors who submitted contributions.

Effective response to misuse or abusive activity in IT systems requires the capability to detect and understand improper activity. Intrusion Detection Systems observe IT activity, record these observations in audit data, and analyze the collected audit data to detect misuse. Privacy-Respecting Intrusion Detection introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection. Also, it limits the recovery of personal data to pseudonyms involved in a detected misuse scenario. The book includes case studies demonstrating this theory, and solutions that are constructively validated by providing algorithms.