ACM SIGCOMM 2018 Workshop on Traffic Measurements for Cybersecurity (WTMC 2018)
Workshop Program
- Opening
- Session I: Measurements of DDoS Attacks
-
8:50 am - 9:40 am Keynote I: DDoS: What Are the Scientific Challenges
Speaker: Aiko Pras (UT, Netherlands)
Location: InterContinental, Panorama Room II
-
10:05 am - 10:30 am How Media Reports Trigger Copycats: An Analysis of the Brewing of the Largest Packet Storm to Date
Vincent Ghiette and Christian Doerr (TU Delft, Netherlands)
-
10:30 am - 11:00 am Tea/Coffee Break
Location: InterContinental, Pre-Function Area
- Tea/Coffee Break
- Session II: Passive and Active Measurement of Attacks
-
11:00 am - 11:50 am Keynote II: Three Years in the Life of the Spoofer Project
Speaker: Matthew Luckie (Waikato, New Zealand)
Location: InterContinental, Panorama Room II
-
11:50 am - 12:15 pm Leveraging Controlled Information Sharing for Botnet Activity Detection
Calvin Ardi and John Heidemann (USC/ISI, USA)
-
12:15 pm - 12:40 pm Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements
Lionel Metongnon and Ramin Sadre (UCL, Belgium)
-
12:40 pm - 2:00 pm Lunch Break
Location: InterContinental, Pre-Function Area
- Lunch Break
- Session III: Traffic Measurements and Monitoring
-
2:00 pm - 2:50 pm Keynote III: Repeatable Research, Measurement, and Cybersecurity: Opportunity and Necessity
Speaker: Andrew Moore (Cambridge, UK)
Location: InterContinental, Panorama Room II
-
2:50 pm - 3:15 pm Evaluating the Impact of Traffic Sampling on AATAC's DDoS Detection
Gilles Roudière and Philippe Owezarski (LAAS-CNRS, France)
-
3:15 pm - 3:45 pm Tea/Coffee Break
Location: InterContinental, Pre-Function Area
- Tea/Coffee Break
- Session IV: Network Intrusion Detection and Analysis
-
3:45 pm - 4:10 pm BIGMOMAL - Big Data Analytics for Mobile Malware Detection
Sarah Wassermann (Inria, France), Pedro Casas (AIT, Austria)
-
4:10 pm - 4:35 pm Speculating Incident Zone System on Local Area Networks
Daichi Hasumi and Shigeyoshi Shima (NEC, Japan), Hiroki Takakura (NII, Japan)
-
4:35 pm - 5:00 pm How to Test an IDS? GENESIDS: An Automated System for Generating Attack Traffic
Felix Erlacher and Falko Dressler (Paderborn, Germany)
- Closing
Bio: Aiko Pras is Professor at the University of Twente (UT), the Netherlands,
where he is member of the Design and Analysis of Communication
Systems (DACS) group. His research interests include Internet
security, measurements and management, with a focus on
Flow-based measurements, DDoS defence, DNS and anycast. He has
chaired the IFIP Technical Committee on "Communications Systems"
(IFIP-TC6, 2013-2017), as well as the EU Future Internet cluster
(2012-2014). He has been coordinator of the European Network of
Excellence on "Management of the Future Internet"
(FLAMINGO, 2012-2017), and is currently "Beirat" of the
CODE Cybersecurity research institute in München. He has
been Series Editor of IEEE Communications Magazine, Associate Editor
of TNSM and JNSM, and is Steering Committee member of many
conferences, including IM, NOMS, CNSM, Networking and TMA.
Bio: Matthew Luckie is currently a senior lecturer in the Computer Science department at
Waikato. Prior to that, he was a research scientist (2014-2015) and a
postdoc (2012-2014) at CAIDA, UC San Diego, and a lecturer
(2006-2010) / senior lecturer (2011) at the University of Waikato. He
is the author of scamper, a packet-prober used in the Ark
project at CAIDA and Dyn Research
to collect IP-level Internet topology data. His
research interests include collecting
and analysing router and AS-level Internet topology data, routing and
performance in IPv6, troubleshooting of IP networks, particularly TCP
performance issues and deployment of Source Address Validation
(BCP38) via the spoofer project.
Bio: Andrew W. Moore, Reader in Systems of the Computer Laboratory (Department of
Computer Science and Technology), is a Chartered Engineer with long
running interests in the use of measurements to understand and manage
constrained resources, this specific topic has not prevented Andrew
having work ranging from high-performance computer interface design,
through system architecture, to physical line coding for novel
optical networks, reconfigurable systems for network research,
teaching, and prototyping, and early work applying machine-learning
to network control problems. Throughout this work Andrew has
been a champion of repeatable research principally through making
widely available both the datasets and detailed methodology of
research he and his group at Cambridge have published. Andrew
is the current lead of the NetFPGA project a successful effort to
support an open-source hardware/software combination to the winder
research, education, and prototyping community.
Overview
Computers and open communication networks have become increasingly interwoven with our daily lives and have profoundly changed our societies. While this has significantly increased people’s well being, our growing dependence on an increasingly pervasive, complex, and ever evolving network infrastructures also poses a wide range of cybersecurity risks with potentially large socio-economic impacts. From this perspective, network traffic measurements and monitoring have become a crucial line of research. It enables to enhance our understanding of cybersecurity threats and use this knowledge to further develop new ways to detect and mitigate them.
Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP “badness” or to estimate the revenue of cyber criminals.
The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.
The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches.
Topics of interest include, but are not limited to the following:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Machine learning and data mining for analysis of network traffic measurements for cybersecurity
- Novel approaches for large-scale crowd-sourcing measurements for cybersecurity
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users’ privacy
- Measurements related to network security and privacy
- Ethical issues in measurements for cybersecurity
Submissions
Papers will be accepted based on peer review (3 per paper) and should contain original, high quality work. All papers must be written in English. Authors are invited to submit regular papers (maximum 6 pages) via the workshop submission page https://sigcomm18wtmc.hotcrp.com. Papers must be single-spaced, double-column, 10pt font format. Authors are encouraged to use the latest ACM SIGCOMM template, that can be found at the ACM SIG Proceedings website. Failure to adhere to the page limit and formatting requirements will be grounds for rejection. Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the conference.
Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.
Papers accepted by the workshop will be published in the Conference Proceedings published by ACM SIGCOMM. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and quality of the presentation at WTMC 2018. The final decision will be made by co-chairs after the workshop.
Previous Workshops
Authors Take Note
The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to TWO WEEKS prior to the first day of the conference. The official publication date affects the deadline for any patent filings related to published work.
Registration
Attendance of the workshop is by open registration and subject to the same registration fees and rules as all the other SIGCOMM 2018 workshops. The registrants of the workshop may freely attend any workshop on the same day.
Camera-ready instructions
For the final paper to be published, please refer to Camera-ready instructions for workshops.
Important Dates
-
August 20, 2018
Workshop
-
June 10, 2018Camera-ready deadline
-
May 7, 2018Acceptance notification
-
April 08, 2018Submission deadline (extended)
Committees
- Workshop Chairs
-
Maciej Korczyński
Grenoble INP, France
-
Wojciech Mazurczyk
WUT, Poland
-
Pedro Casas
AIT, Austria
- Program Committee Members
-
Hadi Asghari
TU Delft, Netherlands
-
Elias Bou-Harb
FAU, USA
-
Krzysztof Cabaj
WUT, Poland
-
Eric Chan-Tin
OSU, USA
-
Alessandro Checco
Sheffield, UK
-
Michal Choras
ITTI, Poland
-
Luca Caviglione
CNR ISSIA, Italy
-
Richard Clayton
Cambridge, UK
-
Andrzej Duda
Grenoble INP, France
-
Simone Ferlin
IBM, Norway
-
Romain Fontugne
IIJ, Japan
-
Pawel Foremski
PAN, Poland
-
Oliver Gasser
TU Munich, Germany
-
Carlos H. Gañán
TU Delft, Netherlands
-
Amir Houmansadr
UMass, USA
-
Mobin Javed
LUMS, Pakistan and ICSI, USA
-
Artur Janicki
WUT, Poland
-
Joerg Keller
FU Hagen, Germany
-
Igor Kotenko
SPIIRAS, Russia
-
Zbigniew Kotulski
WUT, Poland
-
Christian Kraetzer
OVGU, Germany
-
Jean-Francois Lalande
CentraleSupélec, France
-
Matthew Luckie
Waikato, New Zealand
-
Tyler Moore
TU, USA
-
Giovane Moura
SIDN, Netherlands
-
Philippe Owezarski
LAAS-CNRS, France
-
Franck Rousseau
Grenoble INP, France
-
Ewa Syta
Trinity, USA
-
Hui Tian
HQU, China
-
Guillaume Urvoy-Keller
UNS, France
-
Tom van Goethem
KU Leuven, Belgium
-
Roland van Rijswijk-Deij
SURFnet and UT, Netherlands
-
Jeroen van der Ham
NCSC, Netherlands
-
Steffen Wendzel
HS Worms, Germany
-
Katsunari Yoshioka
YNU, Japan
-
Nur Zincir-Heywood
Dal, Canada
- Steering Committee
-
kc claffy
CAIDA, USA
-
Kensuke Fukuda
NII, Japan
-
Michel van Eeten
TU Delft, Netherlands
