Dagstuhl Seminar 12061
Network Attack Detection and Defense Early Warning Systems – Challenges and Perspectives
( Feb 05 – Feb 10, 2012 )
- Georg Carle (TU München, DE)
- Hervé Debar (Télécom & Management SudParis - Evry, FR)
- Hartmut König (BTU Cottbus, DE)
- Jelena Mirkovic (USC - Marina del Rey, US)
- Annette Beyer (for administrative matters)
The objective of the seminar was to discuss new challenges, technologies, and architectures in the area of network attack detection and defense. The focus lay in particular on early warning systems, malware detection, and the protection of critical infrastructures, but other recently emerging topics were to be discussed as well. Accordingly, the seminar consisted of plenary sessions with technical talks and several breakout sessions. Besides the topics mentioned above, two further topics on recently emerging issues were added, namely cyber crime versus cyber war and the protection of cyber-physical systems.
The seminar started off with an introductory session in which all participants briefly introduced themselves and discussed the focus and the structure of the seminar. Thereafter the first topic, Challenges on Early Warning Systems and Malware Detection, was raised. Michael Meier gave a state-of-the-art talk on the development of early warning systems in recent years and on open issues. Felix C. Freiling and Falko Dressler reported on the results of their projects in this field with the German Federal Office for Information Security (BSI). Jan Kohlrausch gave an overview of the experience with the deployment of early warning systems in practice at the DFN-CERT. In the afternoon the first breakout sessions were held. The topics discussed were the Future of Early Warning Systems, Cloud Security, and Teaching IT Security.
Tuesday was devoted to the topic Protection of Critical Infrastructures. Introductory talks on the various aspects of and challenges in protecting critical infrastructures were given by Stephen Wolthusen and Corrado Leita, followed by technical talks by Franka Schuster and Andreas Paul about a project for protecting supervisory control and data acquisition (SCADA) networks, by Simin Nadjm-Tehrani on the security of smart meters, and by Georg Carle, Lothar Braun and Holger Kinkelin on large-scale vulnerability assessment. In the afternoon Jens Tölle spoke about the protection of IP infrastructures with model-based cyber defense situational awareness. After the coffee break we continued with two further breakout sessions on Information Security for Novel Devices and Fighting against Botnets.
Wednesday morning was devoted to two special topics which have emerged recently: Security of Cyber-Physical Systems and Cyber Crime versus Cyber War. Nils Aschenbruck gave an introductory talk on the first topic, reflecting on the evolution from sensor networks to cyber-physical systems. Falko Dressler addressed in his talk the security challenges of future nano communication. The discussion on this topic was continued in the breakout session on Thursday. The second topic was opened by Felix C. Freiling, who posed various questions about the differences between malware for the masses and exclusive malware, and how to detect them, as the basis for a longer discussion in the auditorium. Gabi Dreo Rodosek then elaborated on the issue in her talk on cyber defense. In the afternoon we made a pleasant excursion to the historic city of Trier. The rather cold weather there gave many opportunities to continue the discussions in warm coffee shops.
On Thursday morning we commenced with two talks by Pavel Laskov and Konrad Rieck on malware detection, which dealt especially with machine learning aspects. Sven Dietrich added a talk on his SkyNET project about the use of drones to launch attacks on wireless networks. Thereafter we continued the topic of the protection of critical infrastructures with a focus on new challenges in deep packet inspection. Radu State began with a talk on the semantic exploration of DNS domains. René Rietz continued with a talk on the increasing threat posed by attacks over the web. After lunch Robin Sommer introduced the new version of the intrusion detection system (IDS) Bro. Alexander von Gernler reported on the current practice of application-level firewalling and virus scanning from the perspective of a firewall manufacturer. Finally, Michael Vogel presented an approach for a dynamically adapting multi-agent intrusion detection system that copes with the growing gap between the evolution of network bandwidth and the single-thread performance of today's CPU architectures. After the coffee break, two further breakout sessions on cyber-physical systems and smart energy grids took place.
Friday morning hosted two talks by Bettina Schnor and Simin Nadjm-Tehrani on IPv6 security and anomaly detection in mobile networks. After that we concluded the seminar with a discussion about the seminar outcome and possible future seminars.
The seminar was well received by all participants. It gave a good opportunity to learn about current challenges in the area of network attack detection and defense and to discuss possible countermeasures. The breakout sessions in particular were very well accepted. The participants also much appreciated the opportunity to have detailed discussions with colleagues outside the official program. They regretted that not all invited foreign scientists accepted the invitation and will advertise more strongly for future seminars. All participants agreed that a proposal for another seminar should be submitted. There are two concrete contributions of this seminar:
- Current research results of eight participating groups were published in a special issue of the journal PIK (1/2012) that is devoted specifically to this Dagstuhl seminar.
- The discussion during the breakout session on cyber-physical systems showed that the picture of the security challenges for these systems is still unclear. This raised the idea of applying for a Dagstuhl Perspectives Workshop to discuss in detail the security challenges of protecting cyber-physical systems and to define them in a manifesto as a working basis for further research activities. The proposal has since been submitted.
- Nils Aschenbruck (Universität Osnabrück, DE)
- Lothar Braun (TU München, DE)
- Roland Büschkes (RWE IT GmbH - Essen, DE)
- Georg Carle (TU München, DE)
- Hervé Debar (Télécom & Management SudParis - Evry, FR)
- Sven Dietrich (Stevens Institute of Technology, US)
- Till Dörges (PRESENSE Technologies GmbH - Hamburg, DE)
- Gabi Dreo Rodosek (Universität der Bundeswehr - München, DE)
- Falko Dressler (Universität Innsbruck, AT)
- Ulrich Flegel (University of Applied Sciences - Stuttgart, DE)
- Felix Freiling (Universität Erlangen-Nürnberg, DE)
- Elmar Gerhards-Padilla (Fraunhofer FKIE - Wachtberg, DE)
- Peter Herrmann (NTNU - Trondheim, NO)
- Marko Jahnke (Fraunhofer FKIE - Wachtberg, DE)
- Holger Kinkelin (TU München, DE)
- Jan Kohlrausch (DFN-CERT Services GmbH, DE)
- Hartmut König (BTU Cottbus, DE)
- Pavel Laskov (Universität Tübingen, DE)
- Corrado Leita (Symantec Research Labs - Sophia Antipolis, FR)
- Michael Meier (TU Dortmund, DE)
- Simin Nadjm-Tehrani (Linköping University, SE)
- Andreas Paul (BTU Cottbus, DE)
- Aiko Pras (University of Twente, NL)
- Konrad Rieck (Universität Göttingen, DE)
- René Rietz (BTU Cottbus, DE)
- Sebastian Schmerl (AGT International - Berlin, DE)
- Bettina Schnor (Universität Potsdam, DE)
- Franka Schuster (BTU Cottbus, DE)
- Robin Sommer (ICSI - Berkeley, US)
- Radu State (University of Luxembourg, LU)
- Jens Tölle (Fraunhofer FKIE - Wachtberg, DE)
- Michael Vogel (BTU Cottbus, DE)
- Alexander von Gernler (genua GmbH - Kirchheim bei München, DE)
- Stephen Wolthusen (Royal Holloway University of London, GB)
- Dagstuhl Perspectives Workshop 08102: Network Attack Detection and Defense (2008-03-02 - 2008-03-06)
- Networks / Security
- Early warning systems
- critical infrastructure protection
- intrusion detection
- malware assessment
- vulnerability analysis
- network monitoring
- flow analysis
- denial-of-service detection and response
- event correlation
- attack response and countermeasures