Dagstuhl Seminar 23431
Network Attack Detection and Defense – AI-Powered Threats and Responses
(Oct 22 – Oct 27, 2023)
Organizers
- Marc C. Dacier (KAUST - Thuwal, SA)
- Sven Dietrich (City University of New York, US)
- Frank Kargl (Universität Ulm, DE)
- Hartmut König (ZITiS - München, DE)
Coordinator
- Pavel Laskov (Universität Liechtenstein, LI)
Contact
- Michael Gerke (for scientific matters)
- Susanne Bach-Bernhard (for administrative matters)
Dagstuhl Reports
As part of the mandatory documentation, participants are asked to submit their talk abstracts, working group results, etc. for publication in our series Dagstuhl Reports via the Dagstuhl Reports Submission System.
Computer networks and the services they provide have become indispensable tools these days. Consequently, they are also a popular target for attacks that are constantly increasing in complexity and sophistication. Although there are a variety of effective systems to counter such attacks, like firewalls or intrusion detection systems, the immense diversity and number of threats make it difficult for system administrators to keep pace with the alerts triggered and respond within adequate time limits.
This problem will intensify in the future. There are signs that attacks will become more and more automated, as indicated, for instance, by the 2016 DARPA Cyber Grand Challenge, in which automation of attacks was a main focus and its basic feasibility was demonstrated. Another indication of a higher degree of automation is advanced malware like Emotet, which crafts highly sophisticated phishing emails based on texts found in the inbox of infected computers to target contacts of victims. Experts already foresee that more and more AI mechanisms will find their way into such malware. This leads us and others to the conclusion that we will soon face a situation in which malware and attacks will become more and more automated, intelligent, and AI-powered.
As a consequence, today’s threat response systems will become more and more inadequate, especially where they rely on manual intervention by security experts and analysts. Defenders therefore need to consider whether automation and AI can also give them a strategic advantage. AI mechanisms are already used in some security mechanisms, such as anomaly-detecting IDSs or virus scanners, but one could imagine substantially higher degrees of AI-based automation in system defense. However, automated defense is a double-edged sword, as it could be misused by attackers to trigger counterproductive responses.
In this Dagstuhl Seminar, we will therefore assess the state of the art and potentials that AI advances create for both attackers and defenders because we believe it is crucial to consider both sides when discussing the relation between AI and security. In particular, we pursue the following objectives:
1. We will investigate various attack scenarios and attacker models of AI-based malware and attacks.
2. We will map the space of AI-based security countermeasures going beyond the usual anomaly-based intrusion detection systems, discussing also where else AI-based methods are or could be employed.
3. We want to foster a discussion on how to estimate and predict the impact of countermeasures and possible side effects.
4. Based on the outcome of objectives (1) – (3), we will develop the vision of AI-based self-defending networks, defining the requirements and outlining their limits.
As the agenda is planned in a highly integrated way, we strongly encourage the participants to join the full five days of the seminar.

Participants
- Ilies Benhabbour (KAUST - Thuwal, SA)
- Sebastian Böhm (ZITiS - München, DE)
- Christian Bungartz (Universität Bonn, DE)
- Georg Carle (TU München - Garching, DE)
- Marco Caselli (Siemens - München, DE)
- Hervé Debar (Télécom SudParis, FR)
- Sven Dietrich (City University of New York, US)
- Daniel Fraunholz (ZITiS - München, DE)
- Artur Hermann (Universität Ulm, DE)
- Peter Herrmann (NTNU - Trondheim, NO)
- Marko Jahnke (BSI - Bonn, DE)
- Frank Kargl (Universität Ulm, DE)
- Stephan Kleber (Universität Ulm, DE)
- Jan Kohlrausch (DFN-CERT Services GmbH, DE)
- Hartmut König (ZITiS - München, DE)
- Nicolas Kourtellis (Telefónica Research - Barcelona, ES)
- Chethan Krishnamurthy Ramanaik (Universität der Bundeswehr - München, DE)
- Pavel Laskov (Universität Liechtenstein, LI)
- Emil C. Lupu (Imperial College London, GB)
- Michael Meier (Universität Bonn, DE)
- Andreas Mitschele-Thiel (TU Ilmenau, DE)
- Simin Nadjm-Tehrani (Linköping University, SE)
- Eirini Ntoutsi (Universität der Bundeswehr München, DE)
- Andriy Panchenko (BTU Cottbus, DE)
- Delphine Reinhardt (Universität Göttingen, DE)
- Konrad Rieck (TU Berlin, DE)
- Vera Rimmer (KU Leuven, BE)
- Bettina Schnor (Universität Potsdam, DE)
- Thomas Schreck (Hochschule München, DE)
- Max Schrötter (Universität Potsdam, DE)
- Robin Sommer (Corelight - Planegg, DE)
- Jessica Steinberger (Hochschule Mannheim, DE)
Related Seminars
- Dagstuhl Seminar 12502: Securing Critical Infrastructures from Targeted Attacks (2012-12-09 - 2012-12-12)
- Dagstuhl Seminar 14292: Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (2014-07-13 - 2014-07-16)
- Dagstuhl Seminar 16361: Network Attack Detection and Defense - Security Challenges and Opportunities of Software-Defined Networking (2016-09-04 - 2016-09-09)
Classification
- Artificial Intelligence
- Cryptography and Security
- Networking and Internet Architecture
Keywords
- cybersecurity
- machine learning
- artificial intelligence
- intrusion detection