The CISPA Building

Future attack-detection mechanisms must be able to reliably detect, predict, and understandably explain previously unknown threats. In particular, this requires coping with common and next-generation attacks and evasion techniques (such as obfuscation, polymorphism, or stealthy low-volume attacks). The number of false alarms (false positives) should be low: when false alarms are raised frequently, users or system administrators might start to ignore warnings or, even worse, disable detection solutions permanently. At the same time, modern detection and prevention mechanisms must not miss critical incidents. Attack detection methods should be complemented by suitable defensive technologies, ideally selected autonomously by the system under attack, especially in the realm of cyber warfare. In recent years, this research area has focused in particular on the detection and analysis of modern malware, on the prevention and attribution of DDoS attacks, and on the identification and mitigation of novel system vulnerabilities.


Most Recent Publications

| Title | Date | Authors | Venue |
| --- | --- | --- | --- |
| MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps | 2018 | Michael Brengel, Christian Rossow | Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) |
| Optimizing Recurrent Pulsing Attacks using Application-Layer Amplification of Open DNS Resolvers | 2018 | Jonas Bushart | 12th USENIX Workshop on Offensive Technologies (WOOT 18) |
| Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels | 2018 | Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, Taesoo Kim | In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA, May 2018. |
| teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts | 2018 | Johannes Krupp, Christian Rossow | 27th USENIX Security Symposium (USENIX Security 18) |