05. – 10. Februar 2012, Dagstuhl Seminar 12061

Network Attack Detection and Defense Early Warning Systems - Challenges and Perspectives


Georg Carle (TU München, DE)
Hervé Debar (Télécom & Management SudParis – Evry, FR)
Hartmut König (BTU Cottbus, DE)
Jelena Mirkovic (USC – Marina del Rey, US)

1 / 2 >

Auskunft zu diesem Dagstuhl Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 2, Issue 2 Dagstuhl Report
Gemeinsame Dokumente
Dagstuhl's Impact: Dokumente verfügbar
Programm des Dagstuhl Seminars [pdf]


The objective of the seminar was to discuss new challenges, technologies, and architectures in the area of network attack detection and defense. The focus of this seminar laid in particular on early warning systems, malware detection, and the protection of critical infrastructures, but also other recently emerging topics were supposed to be discussed. On this account, the seminar consisted of plenary sessions with technical talks and various breakout sessions. Beside the topics mentioned above two other topics on recently emerging issues were added, namely cyber crime versus cyber war and the protection of cyber-physical systems.

The seminar started off with an introductory session in which all participants shortly introduced themselves and discussed the focus and the structure of the seminar. Thereafter the first topic Challenges on Early Warning Systems and Malware Detection was raised. Michael Meier gave a state of the art talk on the development of early warning systems in the last years and open issues. Felix C. Freiling and Falko Dressler reported on the results of their projects in this field with the German Federal Office for Information Security (BSI). Jan Kohlrausch gave an overview of the experience with the deployment of early warning systems in practice with the DFN-CERT. In the afternoon the first breakout sessions were held. The topics discussed were the Future of Early Warning Systems, Cloud Security, and Teaching IT Security.

Tuesday was devoted to the topic Protection of Critical Infrastructures. Introductory talks of the various aspects and challenges for protecting critical infrastructures were given by Stephen Wolthusen and Corrado Leita, followed by technical talks by Franka Schuster and Andreas Paul about a project for protecting supervisory control and data acquisition (SCADA) networks, by Simin Nadjm-Tehrani on the security of smart meters, and by Georg Carle, Lothar Braun and Holger Kinkelin on large-scale vulnerability assessment. In the afternoon Jens Tölle spoke about the protection of IP infrastructures with model-based cyber defense situational awareness. After coffee break we continued with two further breakout sessions on Information Security for Novel Devices and Fighting against Botnets.

Wednesday morning was devoted to two special topics which have emerged recently: Security of Cyber-Physical Systems and Cyber Crime versus Cyber War. Nils Aschenbruck gave an introductory talk to the first topic reflecting the evolution from sensor networks to cyber-physical systems. Falko Dressler addressed in his talk the security challenges for future nano communication. The discussion on this topic was continued in the breakout session on Thursday. The second topic was opened by Felix C. Freiling posing various questions about the differences between malware for the masses and exclusive malware, and how to detect them as basis for a longer discussion in the auditorium. Gabi Dreo Rodosek then elucidated at length the issue in her talk about cyber defense. In the afternoon we made a nice trip to the historic city of Trier. The pretty cold weather there gave many opportunities to continue the discussions in warm coffee shops.

On Thursday morning we commenced with two talks by Pavel Laskov and Konrad Rieck on Malware Detection which dealt especially with machine learning aspects. Sven Dietrich added a talk on his SkyNET project about the use of drones to launch attacks on wireless networks. Thereafter we continued the topic on the protection of critical infrastructures with the focus on new challenges in deep packet inspection. Radu State began with a talk on the semantic exploration of DNS domains. René Rietz continued with a talk on the increasing threat by attacks over the web. After lunch Robin Sommer introduced the new version of the intrusion detection system (IDS) Bro. Alexander von Gernler reported about the current practice of application level firewalling and virus scanning from the perspective of a firewall manufacturer. Finally, Michael Vogel presented an approach for a dynamically adapting multi-agent intrusion detection system which copes with the growing gap between the evolution of network bandwidth and the single-thread performance of today's CPU architectures. After the coffee break, two further breakout sessions on cyber-physical systems and smart energy grids took place.

Friday morning hosted two talks by Bettina Schnor and Simin Nadjm-Tehrani on IPv6 security and anomaly detection in mobile networks. After that we concluded the seminar with a discussion about the seminar outcome and possible future seminars.


The seminar was well-received by all participants. It gave a good opportunity to inform about current challenges in the area of network attack detection and defense and discuss possible countermeasures. Especially the breakout sessions found a great acceptance. The participants further liked much the possibility to have detailed discussions with colleagues outside the official program. They regret that not all invited foreign scientist accepted the invitation. They will advertise more strongly for this seminar. All participants agreed that proposal for another seminar should be submitted. There are two concrete contributions of this seminar:

  1. Current research results of eight participating groups were published in special issue of the journal PIK 1/2012 which is especially devoted to this Dagstuhl seminar.
  2. The discussion during the breakout session on cyber-physical systems showed that there is still an unclear picture on the security challenges to these systems. This raised the idea to apply for a Dagstuhl perspective workshop to discuss in detail the security challenges for protecting cyber-physical systems and to define them in a manifesto as working base for further research activities. The proposal has been submitted meanwhile.

Related Dagstuhl Seminar


  • Networks / Security


  • Early warning systems
  • Critical infrastructure protection
  • Botnets
  • Intrusion detection
  • Malware assessment
  • Vulnerability analysis
  • Network monitoring
  • Flow analysis
  • Denial-of-service detection and response
  • Event correlation
  • Attack response and countermeasures


Bücher der Teilnehmer 

Buchausstellung im Erdgeschoss der Bibliothek

(nur in der Veranstaltungswoche).


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von
Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.