
Threat Detection and Defenses

Attack-detection mechanisms should be able to reliably detect, predict, and understandably explain both known and novel threats, while also coping with evasion techniques (like obfuscation, polymorphism, or stealthy low-volume attacks). They should not just detect any critical incident, but also raise alarms only when it matters; the more false alarms are raised, the higher the risk that users will ignore warnings or even disable the detection permanently. Moreover, to provide a strong line of defense, attack-detection methods should be complemented by suitable defensive technologies, ideally selected autonomously by the system under attack, to counter whatever threat it encounters. In this research area we pursue this ideal, currently by focusing, among other things, on the detection and analysis of modern malware, on the prevention and attribution of DDoS attacks, and on the identification and mitigation of novel system vulnerabilities.

Members

Most Recent Publications

| Title | Date | Authors | Meta |
| | 2019 | Saba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh | S&P 2019 |
| | 2019 | Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, Li Zhiqiang | NDSS Symposium 2019 |
| | 2018 | Jonas Bushart, Christian Rossow | Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID) |
| | 2018 | Michael Brengel, Christian Rossow | Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) |
| | 2018 | Jonas Bushart | 12th USENIX Workshop on Offensive Technologies (WOOT 18) |