On behalf of the Program Committee, it is my pleasure to present the p- ceedings of the 5th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Every year since 2004 DIMVA has brought together leading researchers and practitionersfromacademia,governmentandindustrytopresentanddiscussnovel security research. DIMVA is organized by the Security¿Intrusion Detection and Response(SIDAR)specialinterestgroupoftheGermanInformaticsSociety(GI). The DIMVA 2008 Program Committee received 42 submissions from 16 d- ferent countries, and from governmental,industrial and academic organizations. All the submissions were carefully reviewed by several members of the Program Committee and evaluated on the basis of scienti?c novelty, importance to the ?eld and technical quality. The ?nal selection took place at the Program C- mittee meeting held on March 28, 2008 at the IBM Zu ¿rich Research Laboratory in Switzerland. Thirteen full papers and one extended abstract were selected for presentation and publication in the conference proceedings. The conference took place during July 10-11, 2008, in the France T¿ el¿ ecom R&D/Orange Labs premises of Issy les Moulineaux, near Paris, France, with the program grouped into ?ve sessions. Two keynote speeches were presented by Richard Bejtlich (Director of Incident Response, General Electric) and by Tal Gar?nkel (VMware Inc./Stanford University). The conference program also included a rump session organized by Sven Dietrich of the Stevens Institute of Technology, in which recent research results, works in progress,and other topics of interest to the community were presented.

Attack Prevention.- Data Space Randomization.- XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks.- VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges.- Malware Detection and Prevention (I).- Dynamic Binary Instrumentation-Based Framework for Malware Defense.- Embedded Malware Detection Using Markov n-Grams.- Learning and Classification of Malware Behavior.- Attack Techniques and Vulnerability Assessment.- On Race Vulnerabilities in Web Applications.- On the Limits of Information Flow Techniques for Malware Analysis and Containment.- Malware Detection and Prevention (II).- Expanding Malware Defense by Securing Software Installations.- FluXOR: Detecting and Monitoring Fast-Flux Service Networks.- Traffic Aggregation for Malware Detection.- Intrusion Detection and Activity Correlation.- The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors.- The Quest for Multi-headed Worms.- A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems.