TOP
Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Seminars
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Publishing
Within this website:
External resources:
dblp
Within this website:
External resources:
  • the dblp Computer Science Bibliography


Please select your role
to obtain appropriate quick-links.
As a LIPIcs/OASIcs author, you will be invited by e-mail to register at the Dagstuhl Submission Server. The server will guide you through the publication workflow. Preliminary information can be found here:
Quick Links

Dagstuhl Seminar 23431

Network Attack Detection and Defense – AI-Powered Threats and Responses

( Oct 22 – Oct 27, 2023 )
(Click in the middle of the image to enlarge)
Permalink
Please use the following short url to reference this page: https://www.dagstuhl.de/23431
Organizers
Coordinator
  • Pavel Laskov (Universität Liechtenstein, LI)
Contact
Publications
Impacts
Schedule
Summary
Show Summary

Computer networks and the services they provide have become indispensable tools these days. Consequently, they are also a popular target for attacks that are constantly increasing in complexity and sophistication. Although there are a variety of effective systems to counter such attacks, like firewalls or intrusion detection systems (IDSs), the immense diversity and number of threats make it difficult for system administrators to keep pace with the alerts triggered and respond within adequate time limits.

This problem will intensify in the future. There are signs that attacks will become more and more automated, as, for instance, indicated by the 2016 DARPA Cyber Grand Challenge in which automation of attacks was a main focus and the basic feasibility was demonstrated. Another indication of a higher degree of automation is advanced malware where Large-Language-Models (LLMs) start to get applied to craft highly sophisticated phishing emails. Experts already foresee that more and more AI mechanisms will find their way into such malware. This leads to the conclusion that we will soon face a situation in which malware and attacks will become more and more automated, intelligent, and AI-powered.

As a consequence, today's threat response systems will become more and more inadequate, especially where they rely on manual intervention of security experts and analysts. Hence, the deployment of automation and AI is the only way to attain and retain a strategic advantage in the arm's race between the attack and the defense. Usage of AI mechanisms is already the case in some security mechanisms like anomaly-detecting IDSs or virus scanners. But one could easily imagine substantially higher degrees of AI-based automation in system defense. However, automated defense may also be a double edged sword as it could be misused by attackers to trigger counterproductive responses.

In this Dagstuhl Seminar, we together with all the participants therefore tried to assess the state of the art and potentials that AI advances create for both attackers and defenders because we believe it is crucial to consider both sides when discussing the relation between AI and security.

In particular, the seminar pursued the following objectives:

  1. Investigate various attack scenarios and attacker models of AI-based malware and attacks,
  2. Map the space of AI-based security countermeasures going beyond the usual anomaly-based intrusion detection systems,
  3. Discuss where else AI-based methods are or could be employed, and
  4. Discuss how to estimate and predict the impact of countermeasures and possible side effects.

To provide initial material for such discussions, we had three keynotes by distinguished speakers. Pavel Laskov proposed "Three Faces of AI in Cybersecurity" providing a thorough account of how AI could be used in defense, for offensive purpose, and how AI itself can be an attack target. Konrad Rieck took a deep dive into the first aspect in his keynote "Bumpy Road of AI-based Attack Detection." Finally, Robin Sommer completed the picture by looking "Beyond Detection: Revisiting AI For Effective Network Security Monitoring." Those presentations were complemented by a number of short lightning talks given by our participants to introduce the audience to various current research.

A significant share of the seminar's time was spent in working groups, with participants discussing individual aspects of interest. The topics for those working groups were partly solicited before the seminar and then finally determined on the first day. Specifically, the topics were:

  1. Assessment of AI-Based Attacks in Cybersecurity,
  2. Security of Large Language Models,
  3. Trust in AI and Modeling of Threats against AI in Network Defense, and
  4. AI-Powered Network Defenses

The working groups report on their individual results in the full report. In order to bring all these findings together and distill outcomes and an outlook into what could be next steps, we used the format of a World Café where in the afternoon of day 4, people split into small groups to provide their input on five pre-defined questions. As groups were shuffled randomly after every 20 minutes, everyone joined each World Café table and discussed each of the questions. The outcomes then formed the basis for our wrap-up session on Friday morning.

The seminar was originally proposed and prepared together with Marc C. Dacier from KAUST who couldn’t attend the seminar at the last minute. We owe him many ideas and contributions during the preparation phase. Pavel Laskov was so kind as to fill the empty slot on short notice.

Copyright Sven Dietrich, Artur Hermann, Frank Kargl, Hartmut König, and Pavel Laskov
Motivation
Show Motivation

Computer networks and the services they provide have become indispensable tools these days. Consequently, they are also a popular target for attacks that are constantly increasing in complexity and sophistication. Although there are a variety of effective systems to counter such attacks, like firewalls or intrusion detection systems, the immense diversity and number of threats make it difficult for system administrators to keep pace with the alerts triggered and respond within adequate time limits.

This problem will intensify in the future. There are signs that attacks will become more and more automated, as, for instance, indicated by the 2016 DARPA Cyber Grand Challenge in which automation of attacks was a main focus and its basic feasibility was demonstrated. Another indication of a higher degree of automation is advanced malware like Emotet that crafts highly sophisticated phishing emails based on texts found in the Inbox of infected computers to target contacts of victims. Experts already foresee that more and more AI mechanisms will find their way into such malware. This leads us and others to the conclusion that we will soon face a situation in which malware and attacks will become more and more automated, intelligent, and AI-powered.

As a consequence, today’s threat response systems will become more and more inadequate, esp. where they rely on manual intervention of security experts and analysts. So, defenders need to consider whether automation and AI can also give a strategic advantage to them. Usage of AI mechanisms is already the case in some security mechanisms like anomaly-detecting IDSs or virus scanners. But one could imagine substantially higher degrees of AI-based automation in system defense. However, automated defense is a double edged sword as it could be misused by attackers to trigger counterproductive responses.

In this Dagstuhl Seminar, we will therefore assess the state of the art and potentials that AI advances create for both attackers and defenders because we believe it is crucial to consider both sides when discussing the relation between AI and security. In particular, we pursue the following objectives:

  1. We will investigate various attack scenarios and attacker models of AI-based malware and attacks.
  2. We will map the space of AI-based security countermeasures going beyond the usual anomaly-based intrusion detection systems, discussing also where else AI-based methods are or could be employed.
  3. We want to foster a discussion on how to estimate and predict the impact of countermeasures and possible side effects?
  4. Based on the outcome of objectives (1) – (3), we will develop the vision of AI-based self-defending networks, defining the requirements and outline their limits.

As the agenda is planned in a highly integrated way, we strongly encourage the participants to join the full five days of the seminars.

Copyright Marc C. Dacier, Sven Dietrich, Frank Kargl, and Hartmut König
Participants
Show Participants
  • Ilies Benhabbour (KAUST - Thuwal, SA) [dblp]
  • Sebastian Böhm (ZITiS - München, DE) [dblp]
  • Christian Bungartz (Universität Bonn, DE) [dblp]
  • Georg Carle (TU München - Garching, DE) [dblp]
  • Marco Caselli (Siemens - München, DE) [dblp]
  • Hervé Debar (Télécom SudParis, FR) [dblp]
  • Sven Dietrich (City University of New York, US) [dblp]
  • Daniel Fraunholz (ZITiS - München, DE) [dblp]
  • Artur Hermann (Universität Ulm, DE) [dblp]
  • Peter Herrmann (NTNU - Trondheim, NO) [dblp]
  • Marko Jahnke (BSI - Bonn, DE) [dblp]
  • Frank Kargl (Universität Ulm, DE) [dblp]
  • Stephan Kleber (Universität Ulm, DE) [dblp]
  • Jan Kohlrausch (DFN-CERT Services GmbH, DE) [dblp]
  • Hartmut König (ZITiS - München, DE) [dblp]
  • Nicolas Kourtellis (Telefónica Research - Barcelona, ES) [dblp]
  • Chethan Krishnamurthy Ramanaik (Universität der Bundeswehr - München, DE) [dblp]
  • Pavel Laskov (Universität Liechtenstein, LI) [dblp]
  • Emil C. Lupu (Imperial College London, GB) [dblp]
  • Michael Meier (Universität Bonn, DE) [dblp]
  • Andreas Mitschele-Thiel (TU Ilmenau, DE) [dblp]
  • Simin Nadjm-Tehrani (Linköping University, SE) [dblp]
  • Eirini Ntoutsi (Universität der Bundeswehr München, DE) [dblp]
  • Andriy Panchenko (BTU Cottbus, DE) [dblp]
  • Delphine Reinhardt (Universität Göttingen, DE) [dblp]
  • Konrad Rieck (TU Berlin, DE) [dblp]
  • Vera Rimmer (KU Leuven, BE) [dblp]
  • Bettina Schnor (Universität Potsdam, DE) [dblp]
  • Thomas Schreck (Hochschule München, DE) [dblp]
  • Max Schrötter (Universität Potsdam, DE) [dblp]
  • Robin Sommer (Corelight - Planegg, DE) [dblp]
  • Jessica Steinberger (Hochschule Mannheim, DE) [dblp]
Related Seminars
  • Dagstuhl Seminar 12502: Securing Critical Infrastructures from Targeted Attacks (2012-12-09 - 2012-12-12) (Details)
  • Dagstuhl Seminar 14292: Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (2014-07-13 - 2014-07-16) (Details)
  • Dagstuhl Seminar 16361: Network Attack Detection and Defense - Security Challenges and Opportunities of Software-Defined Networking (2016-09-04 - 2016-09-09) (Details)
Classification
  • Artificial Intelligence
  • Cryptography and Security
  • Networking and Internet Architecture
Keywords
  • cybersecurity
  • machine learning
  • artificial intelligence
  • intrusion detection
Seminar 23431
© 2025 Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH
ImprintContactAccessibilityPrivacy